Vulnerabilities > CVE-2023-22478 - Missing Authorization vulnerability in Fit2Cloud Kubepi

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

fit2cloud

CWE-862

NVD

Published: 2023-01-14

Updated: 2023-01-24

Summary

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.

Vulnerable Configurations

Part	Description	Count
Application	Fit2Cloud Fit2Cloud Kubepi - Fit2Cloud Kubepi 1.0.0 Fit2Cloud Kubepi 1.0.1 Fit2Cloud Kubepi 1.1.0 Fit2Cloud Kubepi 1.1.1 Fit2Cloud Kubepi 1.1.2 Fit2Cloud Kubepi 1.2.0 Fit2Cloud Kubepi 1.2.1 Fit2Cloud Kubepi 1.2.2 Fit2Cloud Kubepi 1.3.0 Fit2Cloud Kubepi 1.4.0 Fit2Cloud Kubepi 1.4.1 Fit2Cloud Kubepi 1.4.2 Fit2Cloud Kubepi 1.5.0 Fit2Cloud Kubepi 1.5.1 Fit2Cloud Kubepi 1.5.2 Fit2Cloud Kubepi 1.5.3 Fit2Cloud Kubepi 1.6.0 Fit2Cloud Kubepi 1.6.1 Fit2Cloud Kubepi 1.6.2 Fit2Cloud Kubepi 1.6.3	21

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References