Home > Vulnerability Database > CVE-2023-22480

Mend.io Vulnerability Database

CVE-2023-22480

Date: January 13, 2023

KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.

Language: Go

Severity Score

9.8

Related Resources (6)

Url: https://github.com/KubeOperator/KubeOperator/security/advisories/GHSA-jxgp-jgh3-8jc8

Url: https://github.com/KubeOperator/KubeOperator/commit/7ef42bf1c16900d13e6376f8be5ecdbfdfb44aaf

Url: https://github.com/advisories/GHSA-jxgp-jgh3-8jc8

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-22480

Url: https://github.com/KubeOperator/KubeOperator/releases/tag/v3.16.4

Url: https://www.mend.io/vulnerability-database/CVE-2023-22480

Severity Score

9.8

Weakness Type (CWE)

Improper Authorization

CWE-285

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-22480

Date: January 13, 2023

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?