Description
An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master.
Published: 2026-03-11
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Immediate Mitigation
AI Analysis

Impact

oslabs-beta ThermaKube master contains hard-coded password credentials (CWE-259). An attacker who discovers the default credentials can log in with elevated privileges, potentially gaining full control over the system and compromising confidentiality, integrity, and availability. The vulnerability arises from an insecure design choice that embeds passwords directly in the code base.

Affected Systems

The vulnerability affects the ThermaKube master component of the oslabs-beta project. No specific version information is available in the advisory.

Risk and Exploitability

The CVSS base score of 9.8 indicates critical severity, while the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation likely requires access to the service that uses the hard-coded credentials, which could be remote or local depending on deployment. The flaw provides an entry point that requires no prior privileges and could lead to full system compromise if an attacker supplies the default password.

Generated by OpenCVE AI on March 17, 2026 at 15:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace the hard‑coded password with a strong, unique password.
  • Remove any default credentials from configuration files or source code.
  • Upgrade to a patched release of ThermaKube once available.
  • Enable authentication logging and monitor for suspicious login attempts.


Advisories

No advisories yet.

History

Fri, 20 Mar 2026 14:45:00 +0000

Type: Title
Values Removed: (none)
Values Added: Hard-Coded Password in oslabs-beta ThermaKube Master

Thu, 12 Mar 2026 14:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 10:15:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Oslabs-beta; Oslabs-beta thermakube

Type: Vendors & Products
Values Removed: (none)
Values Added: Oslabs-beta; Oslabs-beta thermakube

Wed, 11 Mar 2026 21:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-12T13:56:01.805Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-70041

Vulnrichment

Updated: 2026-03-12T13:55:45.652Z

NVD

Status: Awaiting Analysis

Published: 2026-03-11T21:16:13.330

Modified: 2026-03-12T21:08:22.643

Link: CVE-2025-70041

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T14:33:44Z

Weaknesses

No weakness.