KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Link | Resource |
---|---|
https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-87f6-8gr7-pc6h | Exploit Third Party Advisory |
Configurations
History
31 Jul 2023, 18:32
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fit2cloud
Fit2cloud kubepi |
|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-87f6-8gr7-pc6h - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:fit2cloud:kubepi:*:*:*:*:*:*:*:* |
21 Jul 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-21 21:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-37916
Mitre link : CVE-2023-37916
CVE.ORG link : CVE-2023-37916
JSON object : View
Products Affected
fit2cloud
- kubepi
CWE