x/vulndb: potential Go vuln in github.com/kubernetes/dashboard: CVE-2018-18264

[tatianab]

CVE-2018-18264 references github.com/kubernetes/dashboard, which may be a Go module.

Description:
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2018-18264
• web: https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/
• web: http://www.securityfocus.com/bid/106493
• web: https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI
• web: https://github.com/kubernetes/dashboard/releases/tag/v1.10.1
• fix: Security fix (CVE-2018-18264) kubernetes/dashboard#3400
• fix: Fix for unauthenticated secret access kubernetes/dashboard#3289
• Imported by: https://pkg.go.dev/github.com/kubernetes/dashboard?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/kubernetes/dashboard
      vulnerable_at: 1.10.1
      packages:
        - package: n/a
cves:
    - CVE-2018-18264
references:
    - web: https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/
    - web: http://www.securityfocus.com/bid/106493
    - web: https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI
    - web: https://github.com/kubernetes/dashboard/releases/tag/v1.10.1
    - fix: https://github.com/kubernetes/dashboard/pull/3400
    - fix: https://github.com/kubernetes/dashboard/pull/3289

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports