CVE-2023-22478

EUVD-2023-0476
KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
GitHub_MCNA
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
fit2cloudkubepi
𝑥
< 1.6.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/KubeOperator/KubePi/commit/0c6774bf5d9003ae4d60257a3f207c131ff4a6d6
https://github.com/KubeOperator/KubePi/releases/tag/v1.6.4
https://github.com/KubeOperator/KubePi/security/advisories/GHSA-gqx8-hxmv-c4v4
https://github.com/KubeOperator/KubePi/commit/0c6774bf5d9003ae4d60257a3f207c131ff4a6d6
https://github.com/KubeOperator/KubePi/releases/tag/v1.6.4
https://github.com/KubeOperator/KubePi/security/advisories/GHSA-gqx8-hxmv-c4v4