CVE-2023-22480

KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.
Configurations

Configuration 1 (hide)

cpe:2.3:a:fit2cloud:kubeoperator:*:*:*:*:*:*:*:*

History

07 Nov 2023, 04:06

Type Values Removed Values Added
Summary KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4. KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.

Information

Published : 2023-01-14 01:15

Updated : 2024-02-28 19:51


NVD link : CVE-2023-22480

Mitre link : CVE-2023-22480

CVE.ORG link : CVE-2023-22480


JSON object : View

Products Affected

fit2cloud

  • kubeoperator
CWE
CWE-863

Incorrect Authorization

CWE-285

Improper Authorization