CVE-2023-37917 — CRITICAL (9.1)

Q: How severe is CVE-2023-37917?

CVE-2023-37917 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-37917?

Check the references section above for vendor advisories and patch information. Affected products include: Fit2Cloud Kubepi.

Vulnerability Description

KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the `isadmin` value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Fit2Cloud	Kubepi	< 1.6.5

Related Weaknesses (CWE)

CWE-269

References

https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-757p-vx43-fp9rExploitThird Party Advisory
https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-757p-vx43-fp9rExploitThird Party Advisory

FAQ

What is CVE-2023-37917?

CVE-2023-37917 is a vulnerability with a CVSS score of 9.1 (CRITICAL). KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the `isadmin` value in the request. As a result any user may ...

How severe is CVE-2023-37917?

CVE-2023-37917 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-37917?

Check the references section above for vendor advisories and patch information. Affected products include: Fit2Cloud Kubepi.