Lucene search
GitHub Advisory DatabaseGHSA-87F6-8GR7-PC6HHistoryJul 21, 2023 - 8:18 p.m.
KubePi may leak password hash of any user
2023-07-2120:18:09
CWE-200
GitHub Advisory Database
github.com
9
kubepi
password hash
crack attacks
confidential information
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
40.7%
Summary
http://kube.pi/kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password of any user (including admin). This leads to password crack attack
PoC
https://drive.google.com/file/d/1ksdawJ1vShRJyT3wAgpqVmz-Ls6hMA7M/preview
Impact
- Leaking confidential information.
- Can lead to password cracking attacks
Affected configurations
Node
kubeoperatorkubepiRange<1.6.5
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/kubeoperator/kubepi | lt | 1.6.5 |
Related
osv
osv
CVE-2023-37916
2023-07-21 21:15:11
KubePi may leak password hash of any user
2023-07-21 20:18:09
gitlab
gitlab
Exposure of Sensitive Information to an Unauthorized Actor
2023-07-21 00:00:00
Exposure of Sensitive Information to an Unauthorized Actor
2023-07-21 00:00:00
veracode
veracode
Information Disclosure
2023-07-25 05:50:53
cvelist
cvelist
CVE-2023-37916 Leak password hash of any user
2023-07-21 20:15:12
prion
prion
Design/Logic Flaw
2023-07-21 21:15:00
nvd
nvd
CVE-2023-37916
2023-07-21 21:15:11
cve
cve
CVE-2023-37916
2023-07-21 21:15:11
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
40.7%
Related for GHSA-87F6-8GR7-PC6H