3 matches found
CVE-2024-36111
The CVE-2024-36111 issue affects KubePi (K8s panel). Root cause: an empty JWT key in the default configuration leads to token verification failures, allowing a forged JWT to bypass login and take over the backend. Affected versions: 1.6.3 through 1.7.x (prior to 1.8.0). Version 1.8.0 contains a p...
Use of Hard-coded Credentials
KubePi is a k8s panel. The JWT authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any JWT token to take over the administrator account of any online project. Furthermor...
CVE-2023-22463
KubePi (Kubernetes dashboard) vulnerability CVE-2023-22463: the JWT authentication in versions up to 1.6.2 used a hard-coded JwtSigKey in session.go, enabling forging of JWTs and unauthorized admin access across projects; an attacker could escalate to K8s cluster control. The issue is fixed in 1.6.3, ...