Kubernetes Dashboard Service Account Authentication Bypass Vulnerability



A vulnerability in Kubernetes Dashboard could allow an authenticated, remote attacker to bypass service account authentication and view unauthorized data on a targeted system.

The vulnerability exists because the affected software does not properly enforce security restrictions when authenticating to a service account. An attacker could exploit this vulnerability by sending a crafted cookie to the targeted system. A successful exploit could allow the attacker to gain unauthorized access to a service account and view unauthorized data.

Kubernetes has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2018-18264

Source: Cisco Multivendor Vulnerability Alerts