15 matches found
CVE-2018-9090
CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using the default credentials admin/admin for the administrator account located at the grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured b...
EUVD-2018-20693
Malware in sbrugna...
EUVD-2018-17038
Malware in sbrugna...
Red Hat CoreOS Tectonic Cross-Site Scripting Vulnerability
Red Hat CoreOS Tectonic is an open source, automated enterprise Kubernetes platform from Red Hat. The platform is mainly used to automate the execution of operational tasks to achieve platform portability and multi-cluster management. A cross-site scripting vulnerability exists in Red Hat CoreOS...
CVE-2018-9090
CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using the default credentials admin/admin for the administrator account located at the grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured b...
CVE-2018-9090
CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using the default credentials admin/admin for the administrator account located at the grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured b...
Default credentials
CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using the default credentials admin/admin for the administrator account located at the grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured b...
CVE-2018-9090
CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using the default credentials admin/admin for the administrator account located at the grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured b...
CVE-2018-9090
CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using the default credentials admin/admin for the administrator account located at the grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured b...
CoreOS Tectonic Information Disclosure Vulnerability
CoreOS Tectonic is an automated enterprise Kubernetes platform. The platform automates operational tasks, enabling platform portability and multi-cluster management. An information disclosure vulnerability exists in CoreOS Tectonic version 1.7.x before 1.7.9-tectonic.4 and version 1.8.x before...
CVE-2018-5256
CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the Kubernetes cluster at /api/kubernetes/, which is accessible without authentication to Tectonic and allows an attacker to directly connect to the Kubernetes API server. Unauthenticated users...
Authorization
CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the Kubernetes cluster at /api/kubernetes/, which is accessible without authentication to Tectonic and allows an attacker to directly connect to the Kubernetes API server. Unauthenticated users...
CVE-2018-5256
CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the Kubernetes cluster at /api/kubernetes/, which is accessible without authentication to Tectonic and allows an attacker to directly connect to the Kubernetes API server. Unauthenticated users...
CVE-2018-5256
CoreOS Tectonic information disclosure: A vulnerable proxy surface is exposed in Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3. A direct proxy to the Kubernetes API server at /api/kubernetes/ is mounted without authentication, enabling unauthenticated access and listing...
CVE-2018-5256
CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the Kubernetes cluster at /api/kubernetes/, which is accessible without authentication to Tectonic and allows an attacker to directly connect to the Kubernetes API server. Unauthenticated users...