POLICY-OTHER --
POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt
This rule is designed to address the authentication bypass bug in Kubernetes dashboard versions prior to v1.10.1.
This rule alerts when an attempt to access the 'kubernetes-dashboard-certs' API endpoint is detected, regardless if the user has authenticated or not.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
Information Leak
Information Leakage happens when an attacker manipulates a system into revealing sensitive information, either through malformed input or by taking advantage of another feature of the system.
CVE-2018-18264 |
Loading description
|
Tactic: Defense Evasion
Technique: Valid Accounts
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org