CVE-2018-18264: Missing Authentication for Critical Function

January 3, 2019 (updated October 3, 2019)

Kubernetes Dashboard allows attackers to bypass authentication and use Dashboard’s Service Account for reading secrets within the cluster.

References

www.securityfocus.com/bid/106493
nvd.nist.gov/vuln/detail/CVE-2018-18264

Code Behaviors & Features

Detect and mitigate CVE-2018-18264 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →