Lucene search
K

68 matches found

Cvelist
Cvelist
added 2019/09/24 1:38 p.m.21 views

CVE-2018-9090

CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials admin/admin for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured b...

6.2AI score0.00793EPSS
Exploits0References2
CVE
CVE
added 2019/09/24 1:38 p.m.44 views

CVE-2018-9090

CVE-2018-9090 affects CoreOS Tectonic 1.7.x and 1.8.x prior to 1.8.7-tectonic.2, where Grafana runs with administrator credentials (admin/admin) stored in the grafana-credentials secret because passwords are not randomized for administrator configuration. This enables an attacker to inject an XSS...

6.1CVSS6AI score0.00793EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/05/22 12:0 a.m.4 views

CoreOS Tectonic Information Disclosure Vulnerability

CoreOS Tectonic is an automated enterprise Kubernetes platform. The platform automates operational tasks, enabling platform portability and multi-cluster management. An information disclosure vulnerability exists in CoreOS Tectonic version 1.7.x before 1.7.9-tectonic.4 and version 1.8.x before...

7.5CVSS6.4AI score0.01671EPSS
Exploits0References1
Prion
Prion
added 2018/05/18 3:29 p.m.19 views

Authorization

CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server. Unauthenticated users...

5CVSS7.7AI score0.01671EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/05/18 3:29 p.m.23 views

CVE-2018-5256

CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server. Unauthenticated users...

7.5CVSS7.8AI score0.01671EPSS
Exploits0References2
OSV
OSV
added 2018/05/18 3:29 p.m.4 views

CVE-2018-5256

CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server. Unauthenticated users...

7.5CVSS5.8AI score0.01671EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/05/18 3:0 p.m.28 views

CVE-2018-5256

CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server. Unauthenticated users...

7.8AI score0.01671EPSS
Exploits0References2
CVE
CVE
added 2018/05/18 3:0 p.m.42 views

CVE-2018-5256

CoreOS Tectonic information disclosure: A vulnerable proxy surface is exposed in Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3. A direct proxy to the Kubernetes API server at /api/kubernetes/ is mounted without authentication, enabling unauthenticated access and listing...

7.5CVSS7.7AI score0.01671EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder