OpenCVE

KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fit2cloud	Kubepi

Configuration 1 [-]

cpe:2.3:a:fit2cloud:kubepi:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/KubeOperator/KubePi/security/advisories/GHSA-v4w5-r2xc-7f8h

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-01-10T20:34:08.097Z

Updated: 2024-08-02T10:13:48.544Z

Reserved: 2022-12-29T17:41:28.088Z

Link: CVE-2023-22479

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-10T21:15:12.917

Modified: 2024-11-21T07:44:53.353

Link: CVE-2023-22479

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fit2cloud:kubepi:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6B7CC4D-D5A0-4221-854C-2F37D2BB873C", "versionEndExcluding": "1.6.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4."}, {"lang": "es", "value": "KubePi es un panel de Kubernetes moderno. Un ataque de fijaci\u00f3n de sesi\u00f3n permite a un atacante secuestrar una sesi\u00f3n de usuario leg\u00edtima; las versiones 1.6.3 e inferiores son susceptibles. Se lanzar\u00e1 un parche en la versi\u00f3n 1.6.4."}], "id": "CVE-2023-22479", "lastModified": "2024-11-21T07:44:53.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-10T21:15:12.917", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/KubeOperator/KubePi/security/advisories/GHSA-v4w5-r2xc-7f8h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/KubeOperator/KubePi/security/advisories/GHSA-v4w5-r2xc-7f8h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-384"}], "source": "security-advisories@github.com", "type": "Secondary"}]}