POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt
This rule addresses the authentication bypass bug in Kubernetes Dashboard versions prior to v1.10.1.
What To Look For
This rule alerts when it detects an attempt to access the 'kubernetes-dashboard-certs' API endpoint, regardless of whether the user has authenticated.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
Tactic: Defense Evasion
Technique: Valid Accounts
For reference, see the MITRE ATT&CK vulnerability types here:
Information Leakage happens when an attacker manipulates a system into revealing sensitive information, either through malformed input or by taking advantage of another feature of the system.
CVE Additional Information