Short Name |
HTTP:CTS-CVE-2018-18264-IN-DIS |
---|---|
Severity |
Minor |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Kubernetes Dashboard Authentication Bypass Information Disclosure |
Release Date |
2019/02/26 |
Update Number |
3145 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Kubernetes Dashboard. Successful exploitation could result in the attackers gaining access to Kubernetes cluster secrets and other sensitive information.
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.