All Vulnerability Reports

Kubernetes Dashboard TLS Certificate Leak


Severity

High

Vendor

Pivotal Cloud Foundry

Description

Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • Pivotal Container Service (PKS) all versions prior to 1.2.5
Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Container Service (PKS) version 1.2.5
References
History

2019-01-04: Initial vulnerability report published

Contattaci