VYPR

Tectonic

by Coreos

CVEs (2)

  • CVE-2018-5256HigMay 18, 2018
    risk 0.49cvss 7.5epss 0.02

    CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server.…

  • CVE-2018-9090MedSep 24, 2019
    risk 0.40cvss 6.1epss 0.01

    CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to…