Kubernetes Dashboard TLS Certificate Leak
Pivotal Cloud Foundry
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- Pivotal Container Service (PKS) all versions prior to 1.2.5
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
- Pivotal Container Service (PKS) version 1.2.5
2019-01-04: Initial vulnerability report published