Lucene search
PRIOn knowledge basePRION:CVE-2023-37916HistoryJul 21, 2023 - 9:15 p.m.
Design/Logic Flaw
2023-07-2121:15:00
PRIOn knowledge base
www.prio-n.com
6
kubepi
endpoint vulnerability
upgrade
no workarounds
password hash leakage
0.001 Low
EPSS
Percentile
40.7%
KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Related
osv
osv
CVE-2023-37916
2023-07-21 21:15:11
KubePi may leak password hash of any user
2023-07-21 20:18:09
gitlab
gitlab
Exposure of Sensitive Information to an Unauthorized Actor
2023-07-21 00:00:00
Exposure of Sensitive Information to an Unauthorized Actor
2023-07-21 00:00:00
veracode
veracode
Information Disclosure
2023-07-25 05:50:53
cvelist
cvelist
CVE-2023-37916 Leak password hash of any user
2023-07-21 20:15:12
github
github
KubePi may leak password hash of any user
2023-07-21 20:18:09
nvd
nvd
CVE-2023-37916
2023-07-21 21:15:11
cve
cve
CVE-2023-37916
2023-07-21 21:15:11