Updated on 2024-11-11 GMT+08:00

Notice of Fixing the Kubernetes Dashboard Security Vulnerability (CVE-2018-18264)

Description

The Kubernetes community has discovered security vulnerability CVE-2018-18264 in Kubernetes Dashboard v1.10 and earlier versions. This vulnerability allows a user to bypass authentication and obtain resources that the dashboard service account has access to, such as the private key.

The dashboard add-on provided by Huawei Cloud CCE has been upgraded to v1.10.1 and is free of the Kubernetes Dashboard vulnerability CVE-2018-18264.

Table 1 Vulnerability details

| Type | CVE-ID | Severity | Discovered | Fixed by Huawei Cloud |
|---|---|---|---|---|
| Access validation error | CVE-2018-18264 | High | 2019-01-03 | 2019-01-05 |

For details about CVE-2018-18264, see the following:

Impact

This vulnerability affects Kubernetes Dashboard v1.10 or an earlier version (v1.7.0 to v1.10.0) that is independently deployed in your Kubernetes clusters, has login functionality, and uses a custom certificate.
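
One way to find independently deployed dashboards in the affected version range, as an added example that is not part of the original notice or of Huawei Cloud's tooling. It assumes the Dashboard image name contains `kubernetes-dashboard` and carries a `vMAJOR.MINOR.PATCH` tag; the function names and sample data are hypothetical, and only the version condition is checked, not the login or custom-certificate conditions.

```python
import re

# Affected range as stated in this notice (v1.7.0 to v1.10.0); v1.10.1 is fixed.
AFFECTED_MIN = (1, 7, 0)
AFFECTED_MAX = (1, 10, 0)

# Assumption: image name contains "kubernetes-dashboard" and uses a vX.Y.Z tag.
IMAGE_RE = re.compile(r"kubernetes-dashboard[^:@]*:v(\d+)\.(\d+)\.(\d+)")

def classify(image):
    """Return 'affected', 'not-affected', 'unknown', or None if not a Dashboard image."""
    if "kubernetes-dashboard" not in image:
        return None
    m = IMAGE_RE.search(image)
    if not m:
        return "unknown"  # digest-pinned, 'latest' or custom tag: review by hand
    version = tuple(int(p) for p in m.groups())
    return "affected" if AFFECTED_MIN <= version <= AFFECTED_MAX else "not-affected"

def audit(deployment_list):
    """Scan the parsed JSON of `kubectl get deployments --all-namespaces -o json`."""
    findings = []
    for item in deployment_list.get("items", []):
        meta = item["metadata"]
        pod_spec = item["spec"]["template"]["spec"]
        for container in pod_spec.get("containers", []):
            status = classify(container["image"])
            if status:
                findings.append((meta["namespace"], meta["name"], container["image"], status))
    return findings

def _dep(ns, name, image):
    """Build a minimal Deployment object for the constructed sample below."""
    return {"metadata": {"namespace": ns, "name": name},
            "spec": {"template": {"spec": {"containers": [{"image": image}]}}}}

# Constructed sample input (not taken from a real cluster).
SAMPLE = {"items": [
    _dep("kube-system", "kubernetes-dashboard", "k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0"),
    _dep("ops", "dashboard", "registry.example.com/kubernetes-dashboard-amd64:v1.10.1"),
    _dep("dev", "dash-test", "registry.example.com/kubernetes-dashboard-amd64:latest"),
    _dep("dev", "web", "registry.example.com/nginx:1.25"),
]}

if __name__ == "__main__":
    for ns, name, image, status in audit(SAMPLE):
        print(f"{ns}/{name}: {image} -> {status}")
```

To run it against a live cluster, load the output of `kubectl get deployments --all-namespaces -o json` with `json.load` and pass the result to `audit`.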

Solution

The dashboard add-on provided by Huawei Cloud CCE has been upgraded to v1.10.1 and is free of the Kubernetes Dashboard vulnerability CVE-2018-18264.