Lucene search

GoogleOSV:GO-2023-1463

HistoryAug 20, 2024 - 8:25 p.m.

KubePi may allow unauthorized access to system API in github.com/KubeOperator/kubepi

2024-08-2020:25:58

Google

osv.dev

kubepi

unauthorized access

system api

risk

github

kubeoperator

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.124

Percentile

95.5%

JSON

KubePi may allow unauthorized access to system API in github.com/KubeOperator/kubepi

References

github.com/1Panel-dev/KubePi/security/advisories/GHSA-gqx8-hxmv-c4v4

github.com/KubeOperator/KubePi/commit/0c6774bf5d9003ae4d60257a3f207c131ff4a6d6

github.com/KubeOperator/KubePi/releases/tag/v1.6.4

github.com/KubeOperator/KubePi/security/advisories/GHSA-gqx8-hxmv-c4v4

nvd.nist.gov/vuln/detail/CVE-2023-22478

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.124

Percentile

95.5%

JSON

Related for OSV:GO-2023-1463