PT-2023-26184 · Kubepi

Ch1Nhpd · Published 2023-07-21 · Updated 2024-08-20 · CVE-2023-37917

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
Name of the Vulnerable Software and Affected Versions: KubePi versions prior to 1.6.5
Description: In KubePi, an open-source Kubernetes management panel, a normal (non-administrative) user has permission to create or update users. Because the server trusts the isadmin value supplied in the create/update request instead of checking the caller's own privilege level, any user can set isadmin on their own or another account and thereby obtain administrative control of KubePi. This is a privilege escalation.
Recommendations: For versions prior to 1.6.5, upgrade to version 1.6.5 to address the issue. As a temporary workaround, consider restricting access to the user creation and update functionality to prevent potential privilege escalation. Avoid using the isadmin variable in requests until the issue is resolved.
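The defect described above is a mass-assignment style authorization bug: a privileged field arrives in the request body and is written to the user record without asking whether the caller may change it. The following Go example is added here to illustrate that pattern and its fix; it is not KubePi's code, and the User/updateRequest types, the field names and the function names are assumptions made for the example. It shows a handler that copies the client-supplied isadmin flag verbatim next to a hardened handler that only lets an existing admin grant or revoke the flag.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// User is a minimal stand-in for a management-panel user record (assumed
// structure for this example, not KubePi's actual type).
type User struct {
	Name    string `json:"name"`
	IsAdmin bool   `json:"isadmin"`
}

// updateRequest mirrors the JSON a client sends when creating or updating a
// user. IsAdmin is a pointer so the server can distinguish "field absent"
// from "field explicitly set to false".
type updateRequest struct {
	Name    string `json:"name"`
	IsAdmin *bool  `json:"isadmin,omitempty"`
}

// ErrForbidden is returned when a non-admin caller tries to change the admin flag.
var ErrForbidden = errors.New("forbidden: only an administrator may grant or revoke admin")

// vulnerableUpdate applies the request body to the stored user as-is.
// The caller's own privilege level is never consulted, so any user who can
// reach this endpoint can set isadmin=true (the bug class in the advisory).
func vulnerableUpdate(caller User, body []byte, target *User) error {
	var req updateRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return err
	}
	if req.Name != "" {
		target.Name = req.Name
	}
	if req.IsAdmin != nil {
		target.IsAdmin = *req.IsAdmin // trusted straight from the client
	}
	return nil
}

// hardenedUpdate applies the same request but decides server-side whether the
// caller is allowed to touch the privileged field. Non-privileged fields are
// still updatable; a change to isadmin by a non-admin is rejected outright
// (rather than silently dropped) so it can be logged and alerted on.
func hardenedUpdate(caller User, body []byte, target *User) error {
	var req updateRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return err
	}
	if req.Name != "" {
		target.Name = req.Name
	}
	if req.IsAdmin != nil && *req.IsAdmin != target.IsAdmin {
		if !caller.IsAdmin {
			return ErrForbidden
		}
		target.IsAdmin = *req.IsAdmin
	}
	return nil
}

func main() {
	// Constructed scenario: a normal user sends a request that includes isadmin=true.
	alice := User{Name: "alice", IsAdmin: false}
	payload := []byte(`{"name":"alice","isadmin":true}`)

	victim := alice
	_ = vulnerableUpdate(alice, payload, &victim)
	fmt.Println("vulnerable handler -> isadmin:", victim.IsAdmin) // true: escalation succeeded

	victim = alice
	err := hardenedUpdate(alice, payload, &victim)
	fmt.Println("hardened handler   -> isadmin:", victim.IsAdmin, "err:", err) // false, forbidden
}
```

The hardened variant keeps the advisory's temporary workaround in mind: until an upgrade is possible, the same check can be applied at a reverse proxy or middleware layer by rejecting any user create/update request from a non-admin session whose body carries an isadmin field, and every rejection should be written to the audit log since it is a direct indicator of an escalation attempt.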

Exploit

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2023-37917
GHSA-757P-VX43-FP9R
GO-2023-1956

Affected Products

Kubepi