19 matches found
KubeOperator Foreground `kubeconfig` - File Download
KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used t...
CVE-2023-22480
KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used t...
GO-2023-1463 KubePi may allow unauthorized access to system API in github.com/KubeOperator/kubepi
KubePi may allow unauthorized access to system API in github.com/KubeOperator/kubepi...
GO-2023-1468 KubePi session fixation attack allows an attacker to hijack a legitimate user session in github.com/KubeOperator/kubepi
KubePi session fixation attack allows an attacker to hijack a legitimate user session in github.com/KubeOperator/kubepi...
Privilege Escalation
github.com/kubeoperator/kubepi is vulnerable to Privilege Escalation. The vulnerability exists due to improper permission restrictions when creating or updating users which allows an attacker to perform authorized actions on users such as changing roles...
Information Disclosure
github.com/kubeoperator/kubepi is vulnerable to Information Disclosure. The vulnerability exists because the password hash is not properly restricted to authenticated users which allows an attacker to gain access to sensitive information such as a password hash...
Session Fixation
github.com/KubeOperator/kubepi is vulnerable to Session Fixation. The vulnerability exists due to insufficient session expiration mechanisms in the library, allowing an attacker to hijack the legitimate user sessions...
Authentication Bypass
github.com/KubeOperator/KubeOperator is vulnerable to Authentication Bypass. The vulnerability exists because the V1 function of v1api.go does not properly handle the online application routing permissions, allowing an attacker to bypass the system's preset permission settings to access some API...
CVE-2023-22480
KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used t...
Design/Logic Flaw
KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used t...
CVE-2023-22480
CVE-2023-22480 affects KubeOperator: versions 3.16.3 and earlier expose API interfaces to unauthorized entities, potentially leaking sensitive information and enabling cluster takeover under certain conditions. Patch released in 3.16.4 (upgrade to 3.16.4 or later). Exploitation details are not de...
CVE-2023-22480 KubeOperator is vulnerable to unauthorized access to system API
KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used t...
CVE-2023-22480 KubeOperator is vulnerable to unauthorized access to system API
KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used t...
CVE-2023-22480 KubeOperator is vulnerable to unauthorized access to system API
KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used t...
KubeOperator Authorization Issue Vulnerability
KubeOperator is an open source, lightweight Kubernetes distribution focused on helping organizations plan, deploy, and operate production-grade K8s clusters. An authorization issue vulnerability exists in KubeOperator versions prior to 3.16.4, which stems from the API interacting with an...
Authentication Bypass
github.com/kubeoperator/kubepi is vulnerable to authentication bypass. The vulnerability exists due to the use of hard coded Jwtsigkeys which allows an attacker to read the values and use them to arbitrarily forge Jwtsigkeys...
GHSA-JXGP-JGH3-8JC8 KubeOperator allows unauthorized access to system API
Summary: Unauthorized access refers to the ability to bypass the system's preset permission settings to access some API interfaces. The attack exploits a flaw in how online applications handle routing permissions. Affected Version = v3.16.3. Patches: The vulnerability has been fixed in v3.16.3...
KubeOperator allows unauthorized access to system API
Summary: Unauthorized access refers to the ability to bypass the system's preset permission settings to access some API interfaces. The attack exploits a flaw in how online applications handle routing permissions. Affected Version = v3.16.3. Patches: The vulnerability has been fixed in v3.16.3...
PT-2023-18532 · Unknown · Kubeoperator
Name of the Vulnerable Software and Affected Versions: KubeOperator versions 3.16.3 and below. Description: The issue allows unauthorized access to API interfaces, potentially leaking sensitive information and allowing takeover of the cluster under certain conditions. This is due to a flaw in...