Notice of Fixing the Kubernetes Dashboard Security Vulnerability (CVE-2018-18264)
Description
The Kubernetes community has discovered the security vulnerability CVE-2018-18264 in Kubernetes Dashboard v1.10 and earlier versions. This vulnerability allows a user to bypass authentication and obtain resources that the dashboard service account has access to, such as the private key.
The dashboard add-on provided by Huawei Cloud CCE has been upgraded to v1.10.1 and is free of the Kubernetes Dashboard vulnerability CVE-2018-18264.
Type | CVE-ID | Severity | Discovered | Fixed by Huawei Cloud |
---|---|---|---|---|
Access validation error | CVE-2018-18264 | High | 2019-01-03 | 2019-01-05 |
For details about CVE-2018-18264, see the following:
Impact
This vulnerability affects Kubernetes Dashboard v1.10 or an earlier version (v1.7.0 to v1.10.0) that is independently deployed in your Kubernetes clusters, has login functionality, and uses a custom certificate.
Solution
The dashboard add-on provided by Huawei Cloud CCE has been upgraded to v1.10.1 and is free of the Kubernetes Dashboard vulnerability CVE-2018-18264.
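For dashboards you deployed yourself, the version range under Impact can be checked against the images running in a cluster. The script below is an added example, not Huawei Cloud or Kubernetes project code. It assumes the image name contains `kubernetes-dashboard` (renamed or mirrored images are missed); the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies Kubernetes Dashboard image tags against this
# notice: affected v1.7.0 to v1.10.0, fixed in v1.10.1. Version is only one
# Impact condition; login and custom-certificate use need a separate check.

# Print affected | fixed | review for one image reference.
dashboard_status() {
  local image tag rest major minor patch n
  image=$1
  case $image in *:*) ;; *) echo review; return ;; esac   # untagged image
  tag=${image##*:}; tag=${tag#v}
  case $tag in
    # Not a plain MAJOR.MINOR.PATCH tag (digest, "latest", registry port).
    *[!0-9.]*|*.*.*.*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) echo review; return ;;
    *.*.*) ;;
    *) echo review; return ;;
  esac
  major=${tag%%.*}; rest=${tag#*.}; minor=${rest%%.*}; patch=${rest#*.}
  # Compare numerically: as strings, "1.10.0" would sort before "1.7.0".
  n=$(( major * 1000000 + minor * 1000 + patch ))
  if [ "$n" -ge 1007000 ] && [ "$n" -le 1010000 ]; then echo affected
  elif [ "$n" -gt 1010000 ]; then echo fixed
  else echo review   # older than v1.7.0: outside the range listed under Impact
  fi
}

# Read "namespace/name image [image ...]" lines; report dashboard images only.
# Live input (needs cluster access):
#   kubectl get deployments --all-namespaces -o jsonpath='{range .items[*]}
#     {.metadata.namespace}/{.metadata.name} {.spec.template.spec.containers[*].image}{"\n"}{end}'
#   (write the jsonpath expression on one line)
classify_lines() {
  local workload images image
  while read -r workload images; do
    for image in $images; do
      case $image in
        *kubernetes-dashboard*)
          printf '%s\t%s\t%s\n' "$workload" "$image" "$(dashboard_status "$image")" ;;
      esac
    done
  done
}

# Constructed sample input, so the script runs without a cluster.
sample_report() {
  classify_lines <<'EOF'
kube-system/kubernetes-dashboard k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
ops/dashboard registry.example.internal:5000/kubernetes-dashboard-amd64:v1.10.1
dev/dash k8s.gcr.io/kubernetes-dashboard-amd64:v1.6.3
dev/web nginx:1.15
EOF
}
sample_report
```

Images reported as `review` carry a tag the script cannot place in the listed range (untagged, digest-pinned, or older than v1.7.0) and need manual inspection.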