Skip to content

CVE-2023-37916 | KubePi

KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability..This CVE has a CVSS3.1 score of 6.5 and a Base Severity of MEDIUM.

InfoDetails
CVE IDCVE-2023-37916
CVE StatePUBLISHED
BaseScore6.5
BaseSeverityMEDIUM
VectorStringCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
VersionNA

References for CVE-2023-37916 :
https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-87f6-8gr7-pc6h

Metric TypeMetric Score
AttackVector(AV)NETWORK
AttackComplexity(AC)LOW
PrivilegesRequired(PR)LOW
UserInteraction(UI)NONE
Scope(S)UNCHANGED
Confidentiality(C)HIGH
Availability(A)NONE
Integrity(I)NONE
Tags: