CVE-2018-18264 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-18264 Interim 1 9 2025-02-17T02:35:25Z current 2021-05-30T14:17:48Z 2025-02-17T02:35:25Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-18264 Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server Business Critical Linux 15 SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server for SAP Applications 15 SP1 kubernetes kubernetes-client kubernetes-common kubernetes-kubeadm kubernetes-kubelet kubernetes-client as a component of SUSE CaaS Platform 4.0 kubernetes-common as a component of SUSE CaaS Platform 4.0 kubernetes-kubeadm as a component of SUSE CaaS Platform 4.0 kubernetes-kubelet as a component of SUSE CaaS Platform 4.0 kubernetes as a component of SUSE CaaS Platform 4.0 kubernetes as a component of SUSE Enterprise Storage 6 kubernetes-client as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS kubernetes-common as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS kubernetes as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS kubernetes-client as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS kubernetes-common as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS kubernetes as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS kubernetes-client as a component of SUSE Linux Enterprise Module for Public Cloud 12 kubernetes as a component of SUSE Linux Enterprise Module for Public Cloud 12 kubernetes-client as a component of SUSE Linux Enterprise Server 15 SP1-LTSS kubernetes-common as a component of SUSE Linux Enterprise Server 15 SP1-LTSS kubernetes as a component of SUSE Linux Enterprise Server 15 SP1-LTSS kubernetes as a component of SUSE Linux Enterprise Server Business Critical Linux 15 SP1 kubernetes-client as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 kubernetes-common as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 kubernetes as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. CVE-2018-18264 SUSE CaaS Platform 4.0:kubernetes SUSE CaaS Platform 4.0:kubernetes-client SUSE CaaS Platform 4.0:kubernetes-common SUSE CaaS Platform 4.0:kubernetes-kubeadm SUSE CaaS Platform 4.0:kubernetes-kubelet SUSE Enterprise Storage 6:kubernetes SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:kubernetes SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:kubernetes-client SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:kubernetes-common SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:kubernetes SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:kubernetes-client SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:kubernetes-common SUSE Linux Enterprise Module for Public Cloud 12:kubernetes SUSE Linux Enterprise Module for Public Cloud 12:kubernetes-client SUSE Linux Enterprise Server 15 SP1-LTSS:kubernetes SUSE Linux Enterprise Server 15 SP1-LTSS:kubernetes-client SUSE Linux Enterprise Server 15 SP1-LTSS:kubernetes-common SUSE Linux Enterprise Server Business Critical Linux 15 SP1:kubernetes SUSE Linux Enterprise Server for SAP Applications 15 SP1:kubernetes SUSE Linux Enterprise Server for SAP Applications 15 SP1:kubernetes-client SUSE Linux Enterprise Server for SAP Applications 15 SP1:kubernetes-common important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N