PT-2023-18532 · Unknown · Kubeoperator
Suanve · Published 2023-01-09 · Updated 2023-01-24
CVE-2023-22480
CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
KubeOperator versions 3.16.3 and below
Description
The issue allows unauthorized access to API interfaces, potentially leaking sensitive information and allowing takeover of the cluster under certain conditions. This is due to a flaw in handling routing permissions.
Recommendations
For versions 3.16.3 and below, upgrade to version 3.16.4 to resolve the issue. As a temporary workaround, consider restricting access to API interfaces until the upgrade is applied.
Exploit
Fix
Improper Authorization
Incorrect Authorization
Related identifiers
Affected products
Kubeoperator