Closed
CVE-2018-18264 references github.com/kubernetes/dashboard, which may be a Go module.
Description:
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
References:
- NIST: https://nvd.nist.gov/vuln/detail/CVE-2018-18264
- web: https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/
- web: http://www.securityfocus.com/bid/106493
- web: https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI
- web: https://github.com/kubernetes/dashboard/releases/tag/v1.10.1
- fix: Security fix (CVE-2018-18264) kubernetes/dashboard#3400
- fix: Fix for unauthenticated secret access kubernetes/dashboard#3289
- Imported by: https://pkg.go.dev/github.com/kubernetes/dashboard?tab=importedby
Cross references:
No existing reports found with this module or alias.
See doc/triage.md for instructions on how to triage this report.
modules:
  - module: github.com/kubernetes/dashboard
    vulnerable_at: 1.10.1
    packages:
      - package: n/a
cves:
  - CVE-2018-18264
references:
  - web: https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/
  - web: http://www.securityfocus.com/bid/106493
  - web: https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI
  - web: https://github.com/kubernetes/dashboard/releases/tag/v1.10.1
  - fix: https://github.com/kubernetes/dashboard/pull/3400
  - fix: https://github.com/kubernetes/dashboard/pull/3289