Vulnerabilities > Redhat > Tectonic > 1.7.1.tectonic.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-24 | CVE-2018-9090 | Cross-site Scripting vulnerability in Redhat Tectonic CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. | 4.3 |
| 2018-05-18 | CVE-2018-5256 | Information Exposure vulnerability in Redhat Tectonic CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server. | 5.0 |