Lucene search
GoogleOSV:CVE-2023-37916HistoryJul 21, 2023 - 9:15 p.m.
CVE-2023-37916
2023-07-2121:15:11
Google
osv.dev
2
kubepi
endpoint
users
search
vulnerability
password hash
admin
upgrade
version 1.6.5
KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Related
prion
prion
Design/Logic Flaw
2023-07-21 21:15:00
cvelist
cvelist
CVE-2023-37916 Leak password hash of any user
2023-07-21 20:15:12
github
github
KubePi may leak password hash of any user
2023-07-21 20:18:09
veracode
veracode
Information Disclosure
2023-07-25 05:50:53
cve
cve
CVE-2023-37916
2023-07-21 21:15:11
gitlab
gitlab
Exposure of Sensitive Information to an Unauthorized Actor
2023-07-21 00:00:00
Exposure of Sensitive Information to an Unauthorized Actor
2023-07-21 00:00:00
osv
osv
KubePi may leak password hash of any user
2023-07-21 20:18:09