Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:38271
HistoryNov 28, 2022 - 6:35 a.m.

Access Restriction Bypass

2022-11-2806:35:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
access restriction bypass
kubeview
default function
api.js
authentication bypass
certificate files
kube-admin

0.013 Low

EPSS

Percentile

85.6%

JSON

kubeview is vulnerable to access restriction bypass. The vulnerability exists in default function of api.js, because api/scrape/kube-system does not require authentication which allows an attacker to bypass the restrictions and retrieve certificate files that can be used to authenticate as kube-admin.

CPENameOperatorVersion
kubevieweq0.1.9
kubevieweq0.1.9

Related

nuclei 1
prion 1
nvd 1
osv 2
cvelist 1
github 1
cve 1
wallarmlab 1
nuclei
nuclei
KubeView <=0.1.31 - Information Disclosure
2022-11-29 08:58:39
prion
prion
Authentication flaw
2022-11-27 03:15:00
nvd
nvd
CVE-2022-45933
2022-11-27 03:15:11
osv
osv
KubeView vulnerable to full cluster takeover due to improper authentication
2022-11-27 03:30:25
CVE-2022-45933
2022-11-27 03:15:11
cvelist
cvelist
CVE-2022-45933
2022-11-27 00:00:00
github
github
KubeView vulnerable to full cluster takeover due to improper authentication
2022-11-27 03:30:25
cve
cve
CVE-2022-45933
2022-11-27 03:15:11
wallarmlab
wallarmlab
Can ChatGPT be used to attack your APIs? | API Security Newsletter
2022-12-09 19:38:00

0.013 Low

EPSS

Percentile

85.6%

JSON
Related for VERACODE:38271
nuclei1prion1nvd1osv2cvelist1github1cve1wallarmlab1