Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2018-18264: Kubernetes Dashboard TLS Certificate Leak

by: January 4, 2019

CVE-2018-18264: Kubernetes Dashboard TLS Certificate Leak

Severity

High

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • Cloud Foundry Container Runtime (CFCR)
    • All versions prior to 0.26.0

Description

Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard’s Service Account for reading secrets within the cluster.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • Releases that have fixed this issue include:
    • CFCR version 0.26.0

History

2019-01-04: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-3800-1: audiofile vulnerabilities
Security Advisory

USN-3800-1: audiofile vulnerabilities

by Cloud Foundry Foundation Security Team October 29, 2018
USN-2812-1 libxml2 vulnerability
Security Advisory

USN-2812-1 libxml2 vulnerability

by Cloud Foundry Foundation Security Team December 2, 2015
CVE-2018-15797: NFS volume release errand leaks CF admin credentials in logs
Security Advisory

CVE-2018-15797: NFS volume release errand leaks CF admin credentials in logs

by Cloud Foundry Foundation Security Team December 3, 2018
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept