CVE-2018-18264

Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within…

mitre·CWE-306·Published 2019-01-03

CVSS

—

EPSS

0.70

KEV

Exploits

cve.orgen

152 chars

Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.

NVDen

152 chars

Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.

NVDes

192 chars

Las versiones de Kubernetes Dashboard anteriores a la 1.10.1 permitían a los atacantes omitir la autenticación y usar la cuenta de servicio del dashboard para leer secretos dentro del clúster.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.0	Primary	NVD	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N