Kubernetes · Kubernetes Ingress Default Backend · CVE-2018-1002104
Name of the Vulnerable Software and Affected Versions:
Kubernetes ingress default backend versions prior to 1.5
Description:
The issue concerns the exposure of Prometheus metrics publicly due to the Kubernetes ingress default backend handling invalid ingress traffic improperly.
Recommendations:
For versions prior to 1.5, update to version 1.5 or later to resolve the issue.