kubernetes-dashboard is accesible without authorization or authentication with NodePort

Bug #1719548 reported by Spyros Trigazis on 2017-09-26
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Magnum
New
Undecided
Unassigned

Bug Description

Opening the dashboard with no basic auth, and no tls enabled we introduce a major vulnerability to the clusters to attackers.

Action:
Allow access only via kube-proxy, recommended in the kubernetes-dashboard configuration.

summary: - kubernetes-dashboard is accesible without authorixation or
+ kubernetes-dashboard is accesible without authorization or
authentication with NodePort
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers