Security for everyone

CVE-2023-22478 Scanner

Detects the 'Unauthorized Access' vulnerability in KubePi, which affects versions <= 1.6.4.

Short Info

Level: High
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4

Parent Category

CVE-2023-22478 Scanner Detail

KubePi is a modern web-based Kubernetes management platform developed by Fit2Cloud. It is designed to provide users with a simplified and intuitive interface for managing Kubernetes clusters and resources. Organizations and developers use KubePi to streamline their Kubernetes operations, enhance productivity, and improve overall cluster management. It supports various Kubernetes operations, including deployment, monitoring, and logging. KubePi is widely adopted for its user-friendly design and comprehensive features.

The vulnerability in KubePi allows unauthorized access to sensitive information via the LoginLogsSearch API endpoint. This security flaw exposes user data and potentially sensitive operational details of the Kubernetes cluster. Exploiting this vulnerability does not require authentication, making it a critical security concern. It was addressed in version 1.6.4, and users are urged to upgrade to mitigate the risk.

This vulnerability specifically impacts the /kubepi/api/v1/systems/login/logs/search endpoint of KubePi. By sending a specially crafted request to this endpoint, an attacker can retrieve login logs without proper authentication. The exposed information includes API versions, UUIDs, and usernames. The flaw lies in the lack of adequate access controls on this API endpoint. It affects all versions of KubePi up to and including 1.6.4.

Exploitation of this vulnerability could lead to unauthorized disclosure of sensitive information, including user login details and operational data of Kubernetes clusters. This can compromise the integrity and confidentiality of the system, leading to further targeted attacks. It poses a significant risk to the security and privacy of KubePi users and their managed Kubernetes environments.
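
A defender-side check for the exposure described above, as an added example that is not part of the original page or of KubePi: it scans reverse-proxy access logs for successful requests to the login-log search endpoint that come from outside an admin network. The nginx "combined" log format, the admin network 10.20.0.0/24 and the sample log lines are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Endpoint named in the description above.
ENDPOINT = "/kubepi/api/v1/systems/login/logs/search"
# Assumption: KubePi sits behind a proxy writing nginx "combined" access logs.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Assumption (constructed): administrators reach KubePi only from this network.
ADMIN_NETS = [ip_network("10.20.0.0/24")]

# Constructed sample log lines; addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jan/2023:09:14:02 +0000] "POST /kubepi/api/v1/systems/login/logs/search HTTP/1.1" 200 1843 "-" "-"',
    '10.20.0.15 - - [12/Jan/2023:09:15:40 +0000] "POST /kubepi/api/v1/systems/login/logs/search HTTP/1.1" 200 1843 "-" "-"',
    '198.51.100.23 - - [12/Jan/2023:09:16:11 +0000] "GET /kubepi/api/v1/systems/login/logs/search?x=1 HTTP/1.1" 401 52 "-" "-"',
    '203.0.113.7 - - [12/Jan/2023:09:17:05 +0000] "GET /kubepi/ HTTP/1.1" 200 911 "-" "-"',
    '198.51.100.23 - - [12/Jan/2023:09:18:30 +0000] "POST /kubepi/api/v1/systems/login/logs/search/ HTTP/1.1" 200 1843 "-" "-"',
]

def find_suspect_requests(lines, admin_nets=ADMIN_NETS):
    """Return successful hits on the login-log search endpoint from non-admin sources."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["target"].split("?", 1)[0].rstrip("/")  # drop query string and trailing slash
        if path != ENDPOINT:
            continue
        if not m["status"].startswith("2"):
            continue  # 401/403 etc.: the request was rejected, no data returned
        try:
            src = ip_address(m["ip"])
        except ValueError:
            continue  # client field is not an IP address
        if any(src in net for net in admin_nets):
            continue  # expected administrative traffic
        hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                     "status": int(m["status"])})
    return hits

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```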
