Lucene search
GitHub Advisory DatabaseGHSA-22VC-5PGW-644QHistoryNov 27, 2022 - 3:30 a.m.
KubeView vulnerable to full cluster takeover due to improper authentication
2022-11-2703:30:25
CWE-287
CWE-306
GitHub Advisory Database
github.com
8
0.01 Low
EPSS
Percentile
83.5%
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor’s position is that KubeView was a “fun side project and a learning exercise,” and not “very secure.”
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/benc-uk/kubeview | le | 0.1.31 |
Related
veracode
veracode
Access Restriction Bypass
2022-11-28 06:35:39
prion
prion
Authentication flaw
2022-11-27 03:15:00
nuclei
nuclei
KubeView <=0.1.31 - Information Disclosure
2022-11-29 08:58:39
osv
osv
KubeView vulnerable to full cluster takeover due to improper authentication
2022-11-27 03:30:25
CVE-2022-45933
2022-11-27 03:15:11
cvelist
cvelist
CVE-2022-45933
2022-11-27 00:00:00
cve
cve
CVE-2022-45933
2022-11-27 03:15:00
wallarmlab
wallarmlab
Can ChatGPT be used to attack your APIs? | API Security Newsletter
2022-12-09 19:38:00