CVE-2023-22480

KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.
Configurations

Configuration 1 (hide)

cpe:2.3:a:fit2cloud:kubeoperator:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:44

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 7.3
Summary
  • (es) KubeOperator es una distribución de Kubernetes de código abierto centrada en ayudar a las empresas a planificar, implementar y operar clústeres K8 a nivel de producción. En las versiones 3.16.3 y anteriores de KubeOperator, la API interactúa con entidades no autorizadas y puede filtrar información confidencial. Esta vulnerabilidad podría usarse para hacerse cargo del clúster bajo ciertas condiciones. Este problema se solucionó en la versión 3.16.4.
References () https://github.com/KubeOperator/KubeOperator/commit/7ef42bf1c16900d13e6376f8be5ecdbfdfb44aaf - Patch, Third Party Advisory () https://github.com/KubeOperator/KubeOperator/commit/7ef42bf1c16900d13e6376f8be5ecdbfdfb44aaf - Patch, Third Party Advisory
References () https://github.com/KubeOperator/KubeOperator/releases/tag/v3.16.4 - Release Notes, Third Party Advisory () https://github.com/KubeOperator/KubeOperator/releases/tag/v3.16.4 - Release Notes, Third Party Advisory
References () https://github.com/KubeOperator/KubeOperator/security/advisories/GHSA-jxgp-jgh3-8jc8 - Patch, Third Party Advisory () https://github.com/KubeOperator/KubeOperator/security/advisories/GHSA-jxgp-jgh3-8jc8 - Patch, Third Party Advisory

07 Nov 2023, 04:06

Type Values Removed Values Added
Summary KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4. KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.

Information

Published : 2023-01-14 01:15

Updated : 2024-11-21 07:44


NVD link : CVE-2023-22480

Mitre link : CVE-2023-22480

CVE.ORG link : CVE-2023-22480


JSON object : View

Products Affected

fit2cloud

  • kubeoperator
CWE
CWE-285

Improper Authorization

CWE-863

Incorrect Authorization