A vulnerability in Kubernetes Dashboard could allow an authenticated, remote attacker to bypass service account authentication and view unauthorized data on a targeted system.
The vulnerability exists because the affected software does not properly enforce security restrictions when authenticating to a service account. An attacker could exploit this vulnerability by sending a crafted cookie to the targeted system. A successful exploit could allow the attacker to gain unauthorized access to a service account and view unauthorized data.
Kubernetes has confirmed the vulnerability and released software updates.
Security Impact Rating: Medium