Rule Category

POLICY-OTHER

Alert Message

POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt

Rule Explanation

This rule is designed to address the authentication bypass bug in Kubernetes Dashboard versions prior to v1.10.1.

What To Look For

This rule alerts when an attempt to access the 'kubernetes-dashboard-certs' API endpoint is detected, regardless of whether the user has authenticated.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic: Defense Evasion

Technique: Valid Accounts

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

Rule Vulnerability

Information Leak

Information Leakage happens when an attacker manipulates a system into revealing sensitive information, either through malformed input or by taking advantage of another feature of the system.