Home > Vulnerability Database > CVE-2023-37917

Mend.io Vulnerability Database

CVE-2023-37917

Good to know:

Date: July 21, 2023

KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the "isadmin" value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: Go

Severity Score

9.1

Related Resources (6)

Url: https://github.com/1Panel-dev/KubePi

Url: https://drive.google.com/file/d/1e8XJbIFIDXaFiL-dqn0a0b6u7o3CwqSG/preview

Url: https://github.com/1Panel-dev/KubePi/releases/tag/v1.6.5

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-37917

Url: https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-757p-vx43-fp9r

Url: https://www.mend.io/vulnerability-database/CVE-2023-37917

Severity Score

9.1

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Improper Privilege Management

CWE-269

Top Fix

Upgrade Version

Upgrade to version github.com/KubeOperator/kubepi - v1.6.5

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-37917

Good to know:

Date: July 21, 2023

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?