Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-4945CED7D675B5AC3A1A625B5C08F8DAHistoryJul 21, 2023 - 12:00 a.m.
Exposure of Sensitive Information to an Unauthorized Actor
2023-07-2100:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
4
kubernetes
password hash
unauthorized access
vulnerability
upgrade
sensitive information
0.001 Low
EPSS
Percentile
40.7%
KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| go/github.com/kubeoperator/kubepi | lt | v1.6.5 |
Related
osv
osv
CVE-2023-37916
2023-07-21 21:15:11
KubePi may leak password hash of any user
2023-07-21 20:18:09
gitlab
gitlab
Exposure of Sensitive Information to an Unauthorized Actor
2023-07-21 00:00:00
veracode
veracode
Information Disclosure
2023-07-25 05:50:53
cvelist
cvelist
CVE-2023-37916 Leak password hash of any user
2023-07-21 20:15:12
prion
prion
Design/Logic Flaw
2023-07-21 21:15:00
github
github
KubePi may leak password hash of any user
2023-07-21 20:18:09
nvd
nvd
CVE-2023-37916
2023-07-21 21:15:11
cve
cve
CVE-2023-37916
2023-07-21 21:15:11