CVE-2023-37916

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 21, 2023

Updated: Jul 31, 2023

CWE ID 200

Summary

CVE-2023-37916 is a vulnerability affecting KubePi, an open-source Kubernetes management panel. The issue lies in the /kubepi/api/v1/users/search endpoint, which inadvertently leaks password hashes for any user, including administrators, when search parameters are set to specific values. A determined attacker could potentially crack these hashes, posing a significant security risk. Users are strongly urged to upgrade to version 1.6.5 to mitigate this vulnerability. At present, there are no reported workarounds to address this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Fit2cloud Kubepi

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r8huTF
https://www.cve.org/CVERecord?id=CVE-2023-37916
https://nvd.nist.gov/vuln/detail/CVE-2023-37916

Back to Vulnerability Database

CVE-2023-37916

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations