85 matches found
CVE-2023-37917 Privilege Escalation in kubepi
KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the isadmin value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are...
CVE-2023-37917
creationtimestamp| type| source ---|---|--- 2023-07-21 15:05:31+00:00| published-proof-of-concept| https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-757p-vx43-fp9r...
Improper Access Control
KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the isadmin value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are...
Exposure of Sensitive Information to an Unauthorized Actor
KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user including admin. A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users...
PT-2023-26184 · Kubepi · Kubepi
Name of the Vulnerable Software and Affected Versions: KubePi versions prior to 1.6.5 Description: A normal user in KubePi, an open-source Kubernetes management panel, has the permission to create or update users. By editing the isadmin value in the request, any user can become an admin, thus...
KubePi 信息泄露漏洞
KubePi is a K8s panel. It allows administrators to import multiple Kubernetes clusters and assign permissions for different clusters, namespaces to specified users through permission control. An information disclosure vulnerability exists in KubePi versions prior to 1.6.5, which originates from t...
KubePi 安全漏洞
KubePi is a K8s panel. It allows administrators to import multiple Kubernetes clusters and assign permissions for different clusters, namespaces to specified users through permission control. A security vulnerability exists in KubePi versions prior to 1.6.5, which stems from the fact that normal...
Improper Access Control
KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the isadmin value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are...
Session Fixation
github.com/KubeOperator/kubepi is vulnerable to Session Fixation. The vulnerability exists due to insufficient session expiration mechanisms in the library, allowing an attacker to hijack the legitimate user sessions...
CVE-2023-22478
KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...
Information disclosure
KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...
CVE-2023-22478 KubePi is vulnerable to missing authorization
KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...
CVE-2023-22478 KubePi is vulnerable to missing authorization
KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...
CVE-2023-22478 KubePi is vulnerable to missing authorization
KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...
CVE-2023-22478
CVE-2023-22478 affects KubePi up to version 1.6.4, enabling unauthorized API access that can expose sensitive information. The issue is publicly documented across multiple sources (NVD, NVD-derived feeds, and project advisories) and has a confirmed patch in version 1.6.4. All connected sources de...
Missing Authorization
KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...
Missing Authorization
KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...
KubePi 安全漏洞
KubePi is a K8s panel. It allows administrators to import multiple Kubernetes clusters and assign permissions for different clusters, namespaces to specified users through permission control. A security vulnerability exists in KubePi versions prior to 1.6.4, which stems from the API interacting...
Authentication Bypass
github.com/kubeoperator/kubepi is vulnerable to authentication bypass. The vulnerability exists due to the use of hard coded Jwtsigkeys which allows an attacker to read the values and and use them to arbitrarily forge Jwtsigkeys...
CVE-2023-22479
KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4...