CVE-2024-36111 KubePi's JWT token validation has a defect

KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the ke...

1Panel KubePi 安全漏洞

1Panel KubePi is a K8s panel from the Chinese company 1Panel. It allows administrators to import multiple Kubernetes clusters and assign permissions for different clusters, namespaces to specified users through permission control. A security vulnerability exists in 1Panel KubePi version 1.6.3 up ...