Exploit for KubePi <= v1.6.4 LoginLogsSearch - Unauthorized Access (CVE-2023-22478)

Description:

KubePi is a modern Kubernetes panel. Its API interfaces can be accessed by unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.

Nuclei Template

View the template here: CVE-2023-22478.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-22478.yaml

References:

https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-gqx8-hxmv-c4v4
https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/webapp/KubePi/KubePi%20LoginLogsSearch%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E%20CVE-2023-22478.md
https://github.com/KubeOperator/KubePi/releases/tag/v1.6.4
https://nvd.nist.gov/vuln/detail/CVE-2023-22478
https://github.com/KubeOperator/KubePi/commit/0c6774bf5d9003ae4d60257a3f207c131ff4a6d6