Rancher Security Advisory: Kubernetes [CVE-2018-18264] and API Server external IP address proxying


January 04, 2019

This advisory was first communicated by email, on the date mentioned above, to all Rancher customers with a then-active support subscription.

Greetings,

Kubernetes announced a couple of patches today to address recently discovered security vulnerabilities in both Kubernetes and the Kubernetes dashboard:

  1. [CVE-2018-18264] Accessing custom TLS certs via the Kubernetes dashboard
  2. Kubernetes API server external IP address proxying

For more details on the announcement, see:

https://discuss.kubernetes.io/t/security-release-of-dashboard-v1-10-1-cve-2018-18264/4069
https://discuss.kubernetes.io/t/security-impact-of-kubernetes-api-server-external-ip-address-proxying/4072  

At Rancher, we want to make sure you always have the latest security fixes and patches. The updated Kubernetes versions v1.10.12, v1.11.6, and v1.12.4, which address these issues, will be made available in Rancher v2.1.5 and v2.0.10. There are no new Rancher v1.6 versions for these vulnerabilities because standard v1.6.x installations are not affected.

For more details on how these vulnerabilities may apply to you, please visit this blog post:

https://rancher.com/blog/2019/2019-01-04-kubernetes-dashboard-external-ip-proxying-vulnerabilities/ 

Thanks,

Rancher Support Team
