CVE-2022-45933

CVSS 9.8 CRITICALEPSS 51.7%CWE-306

Vexday Risk Score

55Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 9.8EPSS 51.7%KEV nãoPoC —Nuclei simMetasploit —Patch —

Ciclo de vida

27 nov 2022Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/benc-uk/kubeview/issues/95