Vulnerability Description
KubeOperator is an open-source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces can be accessed by unauthorized entities and can leak sensitive information. Under certain conditions, this vulnerability could be used to take over the cluster. The issue has been patched in version 3.16.4.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fit2Cloud | Kubeoperator | < 3.16.4 |
Related Weaknesses (CWE)
References
- https://github.com/KubeOperator/KubeOperator/commit/7ef42bf1c16900d13e6376f8be5e (Patch, Third Party Advisory)
- https://github.com/KubeOperator/KubeOperator/releases/tag/v3.16.4 (Release Notes, Third Party Advisory)
- https://github.com/KubeOperator/KubeOperator/security/advisories/GHSA-jxgp-jgh3- (Patch, Third Party Advisory)
FAQ
What is CVE-2023-22480?
CVE-2023-22480 is a vulnerability with a CVSS score of 7.3 (HIGH). KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces ...
How severe is CVE-2023-22480?
CVE-2023-22480 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-22480?
Check the references section above for vendor advisories and patch information. Affected products include: Fit2Cloud Kubeoperator.