Kubernetes.Dashboard.Auth.Bypass.Information.Disclosure

description-logoDescription

This indicates an attack attempt to exploit an information disclosure vulnerability in Kubernetes Dashboard.
A remote attacker can exploit this vulnerability through a crafted HTTP GET request. Successful exploitation allows access to the TLS certificate and private key of a Kubernetes Dashboard application

affected-products-logoAffected Products

Kubernetes Dashboard prior to 1.10.1

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor supplied advisory:
https://github.com/kubernetes/dashboard/pull/3289

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-05-24 14.620 Default_action:pass:drop
2019-02-06 14.543