CVE-2023-37916

KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:fit2cloud:kubepi:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:12

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 6.5
References () https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-87f6-8gr7-pc6h - Exploit, Third Party Advisory () https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-87f6-8gr7-pc6h - Exploit, Third Party Advisory

31 Jul 2023, 18:32

Type Values Removed Values Added
First Time Fit2cloud
Fit2cloud kubepi
CWE CWE-200 NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References (MISC) https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-87f6-8gr7-pc6h - (MISC) https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-87f6-8gr7-pc6h - Exploit, Third Party Advisory
CPE cpe:2.3:a:fit2cloud:kubepi:*:*:*:*:*:*:*:*

21 Jul 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-21 21:15

Updated : 2024-11-21 08:12


NVD link : CVE-2023-37916

Mitre link : CVE-2023-37916

CVE.ORG link : CVE-2023-37916


JSON object : View

Products Affected

fit2cloud

  • kubepi
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo