Lucene search

K
cvelistGitHub_MCVELIST:CVE-2023-22480
HistoryJan 14, 2023 - 12:03 a.m.

CVE-2023-22480 KubeOperator is vulnerable to unauthorized access to system API

2023-01-1400:03:19
CWE-285
GitHub_M
www.cve.org

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

9.5 High

AI Score

Confidence

High

0.108 Low

EPSS

Percentile

95.1%

KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.

CNA Affected

[
  {
    "vendor": "KubeOperator",
    "product": "KubeOperator",
    "versions": [
      {
        "version": "<= 3.16.3",
        "status": "affected"
      }
    ]
  }
]

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

9.5 High

AI Score

Confidence

High

0.108 Low

EPSS

Percentile

95.1%