Auto Generated CVE annotations [Fri Dec 2 09:11:55 UTC 2022] 🤖

2022-12-02 09:11:55 +00:00 · 2022-12-02 09:11:55 +00:00 · 07aa71d22f
parent 745ecb559f
commit 07aa71d22f
1 changed files with 5 additions and 2 deletions
--- a/cves/2022/CVE-2022-45933.yaml
+++ b/cves/2022/CVE-2022-45933.yaml
@ -3,17 +3,20 @@ id: CVE-2022-45933
 info:
  name: KubeView - Information disclosure
  author: For3stCo1d
-  severity: high
+  severity: critical
  description: |
    KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."
  reference:
    - https://github.com/benc-uk/kubeview/issues/95
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45933
  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
    cve-id: CVE-2022-45933
+    cwe-id: CWE-287
  metadata:
-    verified: true
    shodan-query: http.title:"KubeView"
+    verified: "true"
  tags: cve,cve2022,kubeview,kubernetes,exposure

 requests: