CVE-2023-22478: fix: resolve system login log leak (unauthorized access) · KubeOperator/KubePi@0c6774b
KubePi is a modern Kubernetes panel. Its API exposes interfaces to unauthenticated callers and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.
@@ -419,11 +419,12 @@ func WarpedJwtHandler() iris.Handler {
func AddV1Route(app iris.Party) {
v1Party := app.Party(“/v1”)
v1Party.Use(langHandler())
v1Party.Use(pageHandler())
session.Install(v1Party)
mfa.Install(v1Party)
authParty := v1Party.Party(“”)
v1Party.Use(langHandler())
v1Party.Use(pageHandler())
authParty.Use(WarpedJwtHandler())
authParty.Use(authHandler())
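Review bot: `v1Party.Use(langHandler())` and `v1Party.Use(pageHandler())` appear twice in this hunk, once before `session.Install(v1Party)` and again after `authParty := v1Party.Party("")`; the rendered diff has lost its +/- markers, so confirm this is a move of the two lines rather than a second registration, because registering the same middleware twice on `v1Party` would run both handlers twice on every request.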
@@ -436,7 +437,7 @@ func AddV1Route(app iris.Party) {
user.Install(authParty)
cluster.Install(authParty)
role.Install(authParty)
system.Install(v1Party)
system.Install(authParty)
proxy.Install(authParty)
ws.Install(authParty)
chart.Install(authParty)
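Review bot: replacing `system.Install(v1Party)` with `system.Install(authParty)` puts the systems routes, including the two log-search endpoints, behind `WarpedJwtHandler()` and `authHandler()`, which closes the unauthenticated path; the advisory also reports that no role-based check was found in the handlers, and this hunk does not add one, so `LoginLogsSearch` and `OperationLogsSearch` may still be reachable by any authenticated user regardless of role. Suggest a follow-up that verifies the role check inside those handlers, and a regression test that POSTs to both paths without a session and expects a 401.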
Related news
### Summary

API interfaces with unauthorized access will leak sensitive information:

- /kubepi/api/v1/systems/operation/logs/search
- /kubepi/api/v1/systems/login/logs/search

This vulnerability also exists in https://github.com/KubeOperator/KubeOperator

### Details

The vulnerability is located in KubePi/internal/api/v1/v1.go

`sp.Post("/login/logs/search", handler.LoginLogsSearch())` directly uses the v1 route without middleware authentication.

Follow-up found no role-based authentication.

`sp.Post("/operation/logs/search", handler.OperationLogsSearch())` is the same as above …
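To make the route-mounting mistake concrete, here is an added example that is not KubePi's code: a plain `net/http` ServeMux stands in for the Iris parties, `requireSession` stands in for `WarpedJwtHandler()`/`authHandler()`, and `OpenWithoutAuth` probes the two advisory endpoints without credentials so the pre-1.6.4 and fixed wiring can be compared. `logsSearch`, `BuildV1` and `OpenWithoutAuth` are hypothetical names and the returned record is constructed.

```go
package main

import (
	"net/http"
	"net/http/httptest"
)

// requireSession stands in for WarpedJwtHandler()/authHandler(): no token, no access.
func requireSession(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") == "" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next(w, r)
	}
}

// logsSearch answers with one constructed record in place of the real search handlers.
func logsSearch(w http.ResponseWriter, _ *http.Request) { w.Write([]byte(`[{"user":"admin"}]`)) }

// BuildV1 mirrors v1.go with a ServeMux standing in for Iris parties: fixed=false mounts the
// systems routes on the open group (system.Install(v1Party), pre-1.6.4), fixed=true behind the session middleware.
func BuildV1(fixed bool) http.Handler {
	mux := http.NewServeMux()
	const v1 = "/kubepi/api/v1"
	v1Party := func(path string, h http.HandlerFunc) { mux.HandleFunc(v1+path, h) }
	authParty := func(path string, h http.HandlerFunc) { mux.HandleFunc(v1+path, requireSession(h)) }
	install := v1Party
	if fixed {
		install = authParty
	}
	install("/systems/login/logs/search", logsSearch)
	install("/systems/operation/logs/search", logsSearch)
	return mux
}

// OpenWithoutAuth probes each path with no credentials and reports those answering 200.
func OpenWithoutAuth(h http.Handler, paths []string) []string {
	var open []string
	for _, p := range paths {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, p, nil))
		if rec.Code == http.StatusOK {
			open = append(open, p)
		}
	}
	return open
}
```

The same probe, run against a live instance after upgrading, is the regression check a defender wants: both paths must answer 401 without a session.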