CVE-2023-22478

2023-01-1401:15:14

CWE-862

[email protected]

web.nvd.nist.gov

kubepi

kubernetes

panel

api

unauthorized access

vulnerability

nvd

cve-2023-22478

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.137 Low

EPSS

Percentile

95.7%

JSON

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.

Affected configurations

Vulners

NVD

Node

kubeoperatorkubepiRange≤1.6.3

CPENameOperatorVersion
fit2cloud:kubepifit2cloud kubepilt1.6.4

CPE	Name	Operator	Version
fit2cloud:kubepi	fit2cloud kubepi	lt	1.6.4

CNA Affected

[
  {
    "vendor": "KubeOperator",
    "product": "KubePi",
    "versions": [
      {
        "version": "<= 1.6.3 ",
        "status": "affected"
      }
    ]
  }
]