Enhancement: cves/2018/CVE-2018-18264.yaml by mp
parent
4094a71c34
commit
9197f60d15
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2018-18264
|
||||
|
||||
info:
|
||||
name: Kubernetes Dashboard unauthenticated secret access
|
||||
name: Kubernetes Dashboard <1.10.1 - Authentication Bypass
|
||||
author: edoardottt
|
||||
severity: high
|
||||
description: Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-18264
|
||||
- https://github.com/kubernetes/dashboard/pull/3289
|
||||
- https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/
|
||||
- https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-18264
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -34,4 +34,6 @@ requests:
|
|||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'contains(body, "apiVersion") && contains(body, "objectRef")'
|
||||
- 'contains(body, "apiVersion") && contains(body, "objectRef")'
|
||||
|
||||
# Enhanced by mp on 2022/06/13
|
||||
|
|
Loading…
Reference in New Issue