CVE-2022-45933

KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side projec...

VulnCheck KEV: CVE-2022-45933

KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side...

Access Restriction Bypass

kubeview is vulnerable to access restriction bypass. The vulnerability exists in default function of api.js, because api/scrape/kube-system does not require authentication which allows an attacker to bypass the restrictions and retrieve certificate files that can be used to authenticate as...

PT-2022-27692 · Kubeview · Kubeview

Name of the Vulnerable Software and Affected Versions: KubeView versions 0.1.31 and earlier Description: The issue allows attackers to obtain control of a Kubernetes cluster because the api/scrape/kube-system endpoint does not require authentication, and it retrieves certificate files that can be...