CVE-2023-22478

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/KubeOperator/KubePi/commit/0c6774bf5d9003ae4d60257a3f207c131ff4a6d6	Patch Third Party Advisory
https://github.com/KubeOperator/KubePi/releases/tag/v1.6.4	Release Notes Third Party Advisory
https://github.com/KubeOperator/KubePi/security/advisories/GHSA-gqx8-hxmv-c4v4	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fit2cloud:kubepi:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-01-14 01:15

Updated : 2023-01-24 18:39

NVD link : CVE-2023-22478

Mitre link : CVE-2023-22478

CVE.ORG link : CVE-2023-22478

JSON object : View

Products Affected

fit2cloud

kubepi

CWE

CWE-862

Missing Authorization

{"id": "CVE-2023-22478", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}]}, "published": "2023-01-14T01:15:14.637", "references": [{"url": "https://github.com/KubeOperator/KubePi/commit/0c6774bf5d9003ae4d60257a3f207c131ff4a6d6", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/KubeOperator/KubePi/releases/tag/v1.6.4", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/KubeOperator/KubePi/security/advisories/GHSA-gqx8-hxmv-c4v4", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds."}], "lastModified": "2023-01-24T18:39:23.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fit2cloud:kubepi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6B7CC4D-D5A0-4221-854C-2F37D2BB873C", "versionEndExcluding": "1.6.4"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}