CVE-2023-37916

Опубликовано: 21 июл. 2023

Источник: nvd

CVSS3: 6.5

CVSS3: 7.5

EPSS Низкий

Описание

KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-87f6-8gr7-pc6h
Exploit
Third Party Advisory
https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-87f6-8gr7-pc6h
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fit2cloud:kubepi:*:*:*:*:*:*:*:*

Версия до 1.6.5 (исключая)

EPSS

Процентиль: 40%

0.00182

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

GHSA-87f6-8gr7-pc6h

CVSS3: 6.5

github

больше 2 лет назад

KubePi may leak password hash of any user

EPSS

Процентиль: 40%

0.00182

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo