Lucene search
+L

85 matches found

osv
osv
added 2023/07/21 8:13 p.m.27 views

CVE-2023-37917 Privilege Escalation in kubepi

KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the isadmin value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are...

9.1CVSS8.6AI score0.00615EPSS
Exploits1References3
circl
circl
added 2023/07/21 3:5 p.m.8 views

CVE-2023-37917

creationtimestamp| type| source ---|---|--- 2023-07-21 15:05:31+00:00| published-proof-of-concept| https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-757p-vx43-fp9r...

9.1CVSS7.3AI score0.00615EPSS
Exploits1References1
gitlab
gitlab
added 2023/07/21 12:0 a.m.57 views

Improper Access Control

KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the isadmin value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are...

9.1CVSS6.7AI score0.00615EPSS
Exploits1References2Affected Software1
gitlab
gitlab
added 2023/07/21 12:0 a.m.62 views

Exposure of Sensitive Information to an Unauthorized Actor

KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user including admin. A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users...

7.5CVSS6.7AI score0.00681EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2023/07/21 12:0 a.m.4 views

PT-2023-26184 · Kubepi · Kubepi

Name of the Vulnerable Software and Affected Versions: KubePi versions prior to 1.6.5 Description: A normal user in KubePi, an open-source Kubernetes management panel, has the permission to create or update users. By editing the isadmin value in the request, any user can become an admin, thus...

9.1CVSS6.9AI score0.00615EPSS
Exploits1References9
cnnvd
cnnvd
added 2023/07/21 12:0 a.m.6 views

KubePi 信息泄露漏洞

KubePi is a K8s panel. It allows administrators to import multiple Kubernetes clusters and assign permissions for different clusters, namespaces to specified users through permission control. An information disclosure vulnerability exists in KubePi versions prior to 1.6.5, which originates from t...

7.5CVSS7.2AI score0.00681EPSS
Exploits1References2
cnnvd
cnnvd
added 2023/07/21 12:0 a.m.8 views

KubePi 安全漏洞

KubePi is a K8s panel. It allows administrators to import multiple Kubernetes clusters and assign permissions for different clusters, namespaces to specified users through permission control. A security vulnerability exists in KubePi versions prior to 1.6.5, which stems from the fact that normal...

9.1CVSS8.1AI score0.00615EPSS
Exploits1References2
gitlab
gitlab
added 2023/07/21 12:0 a.m.82 views

Improper Access Control

KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the isadmin value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are...

9.1CVSS6.7AI score0.00615EPSS
Exploits1References2Affected Software1
veracode
veracode
added 2023/01/19 4:54 a.m.37 views

Session Fixation

github.com/KubeOperator/kubepi is vulnerable to Session Fixation. The vulnerability exists due to insufficient session expiration mechanisms in the library, allowing an attacker to hijack the legitimate user sessions...

7.5CVSS6.2AI score0.00403EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2023/01/14 1:15 a.m.28 views

CVE-2023-22478

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...

7.5CVSS7.2AI score0.03573EPSS
Exploits0References3
prion
prion
added 2023/01/14 1:15 a.m.15 views

Information disclosure

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...

5CVSS7.4AI score0.03573EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2023/01/14 12:22 a.m.5 views

CVE-2023-22478 KubePi is vulnerable to missing authorization

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...

7.3CVSS7.5AI score0.03573EPSS
Exploits0References3
cvelist
cvelist
added 2023/01/14 12:22 a.m.38 views

CVE-2023-22478 KubePi is vulnerable to missing authorization

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...

7.3CVSS7.7AI score0.03573EPSS
Exploits0References3
osv
osv
added 2023/01/14 12:22 a.m.24 views

CVE-2023-22478 KubePi is vulnerable to missing authorization

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...

7.3CVSS7.3AI score0.03573EPSS
Exploits0References5
cve
cve
added 2023/01/14 12:22 a.m.104 views

CVE-2023-22478

CVE-2023-22478 affects KubePi up to version 1.6.4, enabling unauthorized API access that can expose sensitive information. The issue is publicly documented across multiple sources (NVD, NVD-derived feeds, and project advisories) and has a confirmed patch in version 1.6.4. All connected sources de...

7.5CVSS7.1AI score0.03573EPSS
In wildExploits0References3Affected Software1
gitlab
gitlab
added 2023/01/14 12:0 a.m.18 views

Missing Authorization

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...

7.5CVSS6.5AI score0.03573EPSS
Exploits0References5Affected Software1
gitlab
gitlab
added 2023/01/14 12:0 a.m.61 views

Missing Authorization

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...

7.5CVSS7.1AI score0.03573EPSS
Exploits0References5Affected Software1
cnnvd
cnnvd
added 2023/01/14 12:0 a.m.6 views

KubePi 安全漏洞

KubePi is a K8s panel. It allows administrators to import multiple Kubernetes clusters and assign permissions for different clusters, namespaces to specified users through permission control. A security vulnerability exists in KubePi versions prior to 1.6.4, which stems from the API interacting...

7.5CVSS7.2AI score0.03573EPSS
Exploits0References4
veracode
veracode
added 2023/01/13 6:48 a.m.28 views

Authentication Bypass

github.com/kubeoperator/kubepi is vulnerable to authentication bypass. The vulnerability exists due to the use of hard coded Jwtsigkeys which allows an attacker to read the values and and use them to arbitrarily forge Jwtsigkeys...

9.8CVSS9AI score0.69667EPSS
Exploits1References5Affected Software1
nvd
nvd
added 2023/01/10 9:15 p.m.40 views

CVE-2023-22479

KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4...

7.5CVSS7.4AI score0.00403EPSS
Exploits0References1
Rows per page
Query Builder