PT-2023-18530 · Kubepi · Kubepi

Suanve

·

Publicado

2023-01-09

·

Atualizado

2024-08-20

·

CVE-2023-22478

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions KubePi versions prior to 1.6.4
Description The issue allows unauthorized access to system API interfaces, potentially leaking sensitive information. This is due to a flaw in how online applications handle routing permissions. There are no known workarounds.
Recommendations For versions prior to 1.6.4, upgrade to version 1.6.4 to resolve the issue. As a temporary workaround, consider restricting access to the API interfaces until the upgrade is applied.

Exploit

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2023-22478
GHSA-GQX8-HXMV-C4V4
GO-2023-1463

Produtos afetados

Kubepi