Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 18/05/2018 Updated: 18/09/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CoreOS Tectonic 1.7.x prior to 1.7.9-tectonic.4 and 1.8.x prior to 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an malicious user to directly connect to the kubernetes API server. Unauthenticated users are able to list all Namespaces through the Console, resulting in an information disclosure. Tectonic's exposure of an unauthenticated API endpoint containing information regarding the internal state of the cluster can provide an attacker with information that may assist in other attacks against the cluster. For example, an attacker may not have the permissions required to list all namespaces in the cluster but can instead leverage this vulnerability to enumerate the namespaces and then begin to check each namespace for weak authorization policies that may allow further escalation of privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat tectonic

CWE-200 https://coreos.com/tectonic/releases/#1.8.4-tectonic.3 https://coreos.com/blog/tectonic-namespace-information-disclosure-vulnerability-patched https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-5256

Vulnerability Summary

References

Vulmon Search

About

Products

Connect