CVE-2018-18264 PoC — Google Kubernetes Dashboard 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-18264.yaml

Associated Vulnerability

Title:Google Kubernetes Dashboard 安全漏洞 (CVE-2018-18264)
Description:Google Kubernetes是美国Google公司的一套开源的Docker容器集群管理系统。该系统为容器化的应用提供资源调度、部署运行、服务发现和扩容缩容等功能。Kubernetes Dashboard是一款基于Web的用于管理Kubernetes集群的通用界面。 Google Kubernetes Dashboard 1.10.1之前版本中存在安全漏洞。攻击者可利用该漏洞绕过身份验证，使用Dashboard的服务账户读取信息。

Description

Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.

File Snapshot


 id: CVE-2018-18264

info:
  name: Kubernetes Dashboard <1.10.1 - Authentication Bypass
  author: edo

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!