CVE-2023-22478 HIGH

CVE-2023-22478: KubePi is vulnerable to missing authorization

Vendor Kubeoperator
Product KubePi
Weakness CWE-862 · Missing authorization
Published January 14, 2023
Last update March 10, 2025

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.

Key dates

02Disclosure timeline

January 14, 2023 CVE published
March 10, 2025 Record updated