All Vulnerability Reports

Kubernetes Dashboard TLS Certificate Leak

Severity

High

Vendor

Pivotal Cloud Foundry

Description

Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.

Affected VMware Products and Versions

Severity is high unless otherwise noted.

• Pivotal Container Service (PKS) all versions prior to 1.2.5

Mitigation

Users of affected versions should apply the following mitigation:

• Releases that have fixed this issue include:
  • Pivotal Container Service (PKS) version 1.2.5

References

• https://www.cloudfoundry.org/blog/cve-2018-18264/
• https://groups.google.com/d/msg/kubernetes-security-discuss/jvMKMOkFW8U/KloclNQZEQAJ

History

2019-01-04: Initial vulnerability report published