Threat Encyclopedia

Kubernetes.Dashboard.Auth.Bypass.Information.Disclosure

description-logoDescription

This indicates an attack attempt to exploit an information disclosure vulnerability in Kubernetes Dashboard.
A remote attacker can exploit this vulnerability through a crafted HTTP GET request. Successful exploitation allows access to the TLS certificate and private key of a Kubernetes Dashboard application

affected-products-logoAffected Products

Kubernetes Dashboard prior to 1.10.1

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor supplied advisory:
https://github.com/kubernetes/dashboard/pull/3289

CVE References

CVE-2018-18264