2 matches found
CVE-2018-9090
CVE-2018-9090 affects CoreOS Tectonic 1.7.x and 1.8.x prior to 1.8.7-tectonic.2, where Grafana runs with administrator credentials (admin/admin) stored in the grafana-credentials secret because passwords are not randomized for administrator configuration. This enables an attacker to inject an XSS...
CVE-2018-5256
CoreOS Tectonic information disclosure: A vulnerable proxy surface is exposed in Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3. A direct proxy to the Kubernetes API server at /api/kubernetes/ is mounted without authentication, enabling unauthenticated access and listing...