Vulnerability Details : CVE-2023-22478
KubePi is a modern Kubernetes panel. Its API interfaces can be reached by unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.
Products affected by CVE-2023-22478
- cpe:2.3:a:fit2cloud:kubepi:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-22478
- EPSS score: 6.99% (probability of exploitation activity in the next 30 days)
- Percentile: ~94% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-22478
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 | GitHub, Inc. | |
CWE ids for CVE-2023-22478
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-22478
- https://github.com/KubeOperator/KubePi/commit/0c6774bf5d9003ae4d60257a3f207c131ff4a6d6
  fix: resolve system login log leak (unauthorized access) · KubeOperator/KubePi@0c6774b · GitHub (Patch; Third Party Advisory)
- https://github.com/KubeOperator/KubePi/security/advisories/GHSA-gqx8-hxmv-c4v4
  Unauthorized access to system API · Advisory · KubeOperator/KubePi · GitHub (Patch; Third Party Advisory)
- https://github.com/KubeOperator/KubePi/releases/tag/v1.6.4
  Release v1.6.4 · KubeOperator/KubePi · GitHub (Release Notes; Third Party Advisory)