updated info

patch-1
Ritik Chaddha 2023-08-07 22:53:08 +05:30 committed by GitHub
parent 4d1578d6e7
commit c281a1dc55
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 4 deletions

View File

@ -1,25 +1,26 @@
id: CVE-2023-22480 id: CVE-2023-22480
info: info:
name: KubeOperator Foreground kubeconfig Download name: KubeOperator Foreground `kubeconfig` - File Download
author: DhiyaneshDk author: DhiyaneshDk
severity: critical severity: critical
description: | description: |
KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4. KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-22480
- https://github.com/KubeOperator/KubeOperator/security/advisories/GHSA-jxgp-jgh3-8jc8 - https://github.com/KubeOperator/KubeOperator/security/advisories/GHSA-jxgp-jgh3-8jc8
- https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/webapp/KubeOperator/KubeOperator%20kubeconfig%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E%20CVE-2023-22480.md?plain=1 - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/webapp/KubeOperator/KubeOperator%20kubeconfig%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E%20CVE-2023-22480.md?plain=1
- https://nvd.nist.gov/vuln/detail/CVE-2023-22480
classification: classification:
cve-id: CVE-2023-22480
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
cwe-id: CWE-863 cwe-id: CWE-863
metadata: metadata:
max-request: 1 max-request: 1
verified: true
shodan-query: html:"KubeOperator" shodan-query: html:"KubeOperator"
fofa-query: app="KubeOperator" fofa-query: app="KubeOperator"
verified: true tags: cve,cve2023,kubeoperator,k8s,kubeconfig,exposure
tags: cve,cve2023,kubeoperator,k8s,kubeconfig
http: http:
- method: GET - method: GET