Vulnerability Details CVE-2023-22478
KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.78
EPSS Ranking 98.9%
CVSS Severity
CVSS v3 Score 7.3
References
- https://github.com/KubeOperator/KubePi/commit/0c6774bf5d9003ae4d60257a3f207c131ff4a6d6
- https://github.com/KubeOperator/KubePi/releases/tag/v1.6.4
- https://github.com/KubeOperator/KubePi/security/advisories/GHSA-gqx8-hxmv-c4v4
- https://github.com/KubeOperator/KubePi/commit/0c6774bf5d9003ae4d60257a3f207c131ff4a6d6
- https://github.com/KubeOperator/KubePi/releases/tag/v1.6.4
- https://github.com/KubeOperator/KubePi/security/advisories/GHSA-gqx8-hxmv-c4v4
Products affected by CVE-2023-22478
-
cpe:2.3:a:fit2cloud:kubepi:-
-
cpe:2.3:a:fit2cloud:kubepi:1.0.0
-
cpe:2.3:a:fit2cloud:kubepi:1.0.1
-
cpe:2.3:a:fit2cloud:kubepi:1.1.0
-
cpe:2.3:a:fit2cloud:kubepi:1.1.1
-
cpe:2.3:a:fit2cloud:kubepi:1.1.2
-
cpe:2.3:a:fit2cloud:kubepi:1.2.0
-
cpe:2.3:a:fit2cloud:kubepi:1.2.1
-
cpe:2.3:a:fit2cloud:kubepi:1.2.2
-
cpe:2.3:a:fit2cloud:kubepi:1.3.0
-
cpe:2.3:a:fit2cloud:kubepi:1.4.0
-
cpe:2.3:a:fit2cloud:kubepi:1.4.1
-
cpe:2.3:a:fit2cloud:kubepi:1.4.2
-
cpe:2.3:a:fit2cloud:kubepi:1.5.0
-
cpe:2.3:a:fit2cloud:kubepi:1.5.1
-
cpe:2.3:a:fit2cloud:kubepi:1.5.2
-
cpe:2.3:a:fit2cloud:kubepi:1.5.3
-
cpe:2.3:a:fit2cloud:kubepi:1.6.0
-
cpe:2.3:a:fit2cloud:kubepi:1.6.1
-
cpe:2.3:a:fit2cloud:kubepi:1.6.2
-
cpe:2.3:a:fit2cloud:kubepi:1.6.3