Enhancement: cves/2022/CVE-2022-45933.yaml by md

cves/2022/CVE-2022-45933.yaml

@@ -1,14 +1,15 @@
 id: CVE-2022-45933
 
 info:
-  name: KubeView - Information disclosure
+  name: KubeView <=0.1.31 - Information Disclosure
   author: For3stCo1d
   severity: critical
   description: |
-    KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."
+    KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. An attacker can thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://github.com/benc-uk/kubeview/issues/95
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45933
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-45933
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -37,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/02/03