Lucene search
+L

85 matches found

Cvelist
Cvelist
added 2023/01/04 3:4 p.m.27 views

CVE-2023-22463 KubePi's Hardcoded Jwtsigkeys allows malicious actor to login with a forged JWT token

KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...

9.8CVSS9.8AI score0.69667EPSS
Exploits1References4
OSV
OSV
added 2023/01/04 3:4 p.m.29 views

CVE-2023-22463 KubePi's Hardcoded Jwtsigkeys allows malicious actor to login with a forged JWT token

KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...

9.8CVSS9.4AI score0.69667EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/01/04 12:0 a.m.3 views

PT-2023-18515 · Kubepi · Kubepi

Name of the Vulnerable Software and Affected Versions: KubePi versions prior to 1.6.3 Description: The jwt authentication function of KubePi uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the...

9.8CVSS9.7AI score0.69667EPSS
Exploits1References10
CNNVD
CNNVD
added 2023/01/04 12:0 a.m.6 views

KubePi 信任管理问题漏洞

KubePi is a K8s panel. It allows administrators to import multiple Kubernetes clusters and assign permissions for different clusters, namespaces to specified users through permission control. KubePi 1.6.2 and prior versions have a trust management issue vulnerability that stems from its jwt...

9.8CVSS8.5AI score0.69667EPSS
Exploits1References5
Huntr
Huntr
added 2023/01/02 12:45 p.m.32 views

JwtSigKey hardcoded causes the k8s cluster to take over

Description The jwt authentication function of kubepi = v1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Further use the administrator to...

7.5CVSS9.1AI score0.69667EPSS
Exploits1
Rows per page
Query Builder