Enhancement: cves/2018/CVE-2018-18264.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-06-13 14:49:01 -04:00
parent 4094a71c34
commit 9197f60d15
1 changed files with 5 additions and 3 deletions


@ -1,15 +1,15 @@
id: CVE-2018-18264 id: CVE-2018-18264
info: info:
name: Kubernetes Dashboard unauthenticated secret access name: Kubernetes Dashboard <1.10.1 - Authentication Bypass
author: edoardottt author: edoardottt
severity: high severity: high
description: Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. description: Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-18264
- https://github.com/kubernetes/dashboard/pull/3289 - https://github.com/kubernetes/dashboard/pull/3289
- https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/ - https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/
- https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI - https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI
- https://nvd.nist.gov/vuln/detail/CVE-2018-18264
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
@ -35,3 +35,5 @@ requests:
- type: dsl - type: dsl
dsl: dsl:
- 'contains(body, "apiVersion") && contains(body, "objectRef")' - 'contains(body, "apiVersion") && contains(body, "objectRef")'
# Enhanced by mp on 2022/06/13
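Review bot: The `dsl` matcher in the second hunk still decides a high-severity finding on two substring tests, and the "Enhancement" leaves it as it was while renaming the template to "Authentication Bypass". `apiVersion` appears in most Kubernetes API objects, so the match effectively rests on `objectRef` alone. The `requests:` block begins outside the hunk, so a status matcher may already sit above it. If none does, tie the body test to a successful response, for example `- 'status_code == 200 && contains(body, "apiVersion") && contains(body, "objectRef")'`. A comment above the entry such as `# body must be a served Kubernetes object, not an error or login page` would tell triagers what a hit is meant to prove.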