Kubernetes Dashboard prior to 1.10.1 allows malicious users to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
kubernetes dashboard