PT-2023-18532 · Unknown · Kubeoperator
Suanve · Published 2023-01-09 · Updated 2023-01-24 · CVE-2023-22480
CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
KubeOperator versions 3.16.3 and below
Description
The issue allows unauthorized access to API interfaces, potentially leaking sensitive information and allowing takeover of the cluster under certain conditions. This is due to a flaw in handling routing permissions.
Recommendations
For versions 3.16.3 and below, upgrade to version 3.16.4 to resolve the issue. As a temporary workaround, consider restricting access to API interfaces until the upgrade is applied.
Exploit
Fix
Improper Authorization
Incorrect Authorization
Related Identifiers
Affected Products
Kubeoperator