KubeOperator kubeconfig Unauthorized Access Vulnerability CVE-2023-22480
Vulnerability Description
KubeOperator is an open source, lightweight Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level Kubernetes clusters.
Vulnerability Impact
KubeOperator < 3.16.4
Network asset search query
app="KubeOperator"
Vulnerability Reproduction
Login page
The patch fixes the configuration file download interface, which could be accessed without authorization.
When a cluster exists, its configuration file (kubeconfig) can be downloaded through this interface without authorization.
Verification PoC (k8s is the cluster name; it is not fixed and varies per deployment)
/api/v1/clusters/kubeconfig/k8s
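
To check whether this interface has already been requested on a deployment, the following added example (not part of the original post and not KubeOperator code) scans reverse-proxy access logs for the path above and includes a version check against 3.16.4. It assumes the common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoint named on this page; the last path segment is the cluster name.
KUBECONFIG_PATH = re.compile(r"^/api/v1/clusters/kubeconfig/([^/]+)/?$")
# Assumption: the proxy in front of KubeOperator writes common/combined log format.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
FIXED_VERSION = (3, 16, 4)  # the page lists KubeOperator < 3.16.4 as affected


def is_affected(version: str) -> bool:
    """True when a version string such as 'v3.16.3' is below 3.16.4."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts + (0,) * (3 - len(parts)) < FIXED_VERSION


def find_kubeconfig_requests(lines):
    """Return one finding per request to the kubeconfig download endpoint."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        # Drop the query string and decode the path before matching.
        hit = m and KUBECONFIG_PATH.match(unquote(urlsplit(m["target"]).path))
        if not hit:
            continue
        findings.append({
            "ip": m["ip"], "time": m["ts"],
            "cluster": hit.group(1),
            "status": int(m["status"]),
            # A 200 means a kubeconfig was returned: treat its credentials as exposed.
            "served": m["status"] == "200",
        })
    return findings


# Constructed sample log lines (documentation IP ranges), not from a real system.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2023:08:15:02 +0000] "GET /api/v1/clusters/kubeconfig/k8s HTTP/1.1" 200 5631 "-" "curl/7.85.0"',
    '198.51.100.7 - - [10/Jan/2023:08:15:09 +0000] "GET /api/v1/clusters/kubeconfig/prod HTTP/1.1" 404 87 "-" "curl/7.85.0"',
    '203.0.113.20 - - [10/Jan/2023:08:16:40 +0000] "GET /api/v1/clusters HTTP/1.1" 401 44 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_kubeconfig_requests(SAMPLE_LOG):
        print(finding)
```

Any finding with `served` set on an affected version means the cluster credentials in that kubeconfig should be rotated after upgrading.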
This post is licensed under CC BY 4.0 by the author.