CVE-2023-22480 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-22480

CVE-2023-22480

January 14, 2023

KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.

Related Resources (5)

https://github.com/KubeOperator/KubeOperator/security/advisories/GHSA-jxgp-jgh3-8jc8

https://github.com/KubeOperator/KubeOperator/commit/7ef42bf1c16900d13e6376f8be5ecdbfdfb44aaf

https://nvd.nist.gov/vuln/detail/CVE-2023-22480

https://github.com/KubeOperator/KubeOperator/releases/tag/v3.16.4

https://github.com/KubeOperator/KubeOperator

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Improper Authorization

CWE-285

EPSS

Base Score:

75.59

Products

Solutions

Resources

Company

Compare

Developer Tools