Improper Access Control

github.com/kubeoperator/kubepi is vulnerable to Improper Access Control. A remote attacker is able to bypass the system's preset permission settings to access restricted API interfaces which leak sensitive user information. The vulnerability also impacts how online applications handle routing...

KubeOperator allows unauthorized access to system API

Summary Unauthorized access refers to the ability to bypass the system's preset permission settings to access some API interfaces. The attack exploits a flaw in how online applications handle routing permissions. Affected Version = v3.16.3 Patches The vulnerability has been fixed in v3.16.3...

PT-2023-18530 · Kubepi · Kubepi

Name of the Vulnerable Software and Affected Versions: KubePi versions prior to 1.6.4 Description: The issue allows unauthorized access to system API interfaces, potentially leaking sensitive information. This is due to a flaw in how online applications handle routing permissions. There are no...

PT-2023-18532 · Unknown · Kubeoperator

Name of the Vulnerable Software and Affected Versions: KubeOperator versions 3.16.3 and below Description: The issue allows unauthorized access to API interfaces, potentially leaking sensitive information and allowing takeover of the cluster under certain conditions. This is due to a flaw in...

No routing password permissions when the Dove on-line method-vulnerability warning-the black bar safety net

No routing password permissions when the pigeons on the line method: The first step:tools--FTP--FTP home directory, just in the desktop build one, put the following ports into 2 1. The user name can not fill. The following two options are marked with a tick. Then turn on the service. Completed th...