CVE-2018-18264: Kubernetes Dashboard TLS Certificate Leak
Cloud Foundry Foundation
Affected Cloud Foundry Products and Versions
- Cloud Foundry Container Runtime (CFCR)
- All versions prior to 0.26.0
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard’s Service Account for reading secrets within the cluster.
Users of affected versions should apply the following mitigations or upgrades:
- Releases that have fixed this issue include:
- CFCR version 0.26.0
2019-01-04: Initial vulnerability report published.