Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-22vc-5pgw-644q: KubeView vulnerable to full cluster takeover due to improper authentication

KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor’s position is that KubeView was a “fun side project and a learning exercise,” and not “very secure.”

ghsa
Open in Source
#git#kubernetes#auth

KubeView vulnerable to full cluster takeover due to improper authentication

Critical severity GitHub Reviewed Published Nov 27, 2022 • Updated Dec 2, 2022

Related news

CVE-2022-45933: Critical Security Issue that could lead to full cluster takeover · Issue #95 · benc-uk/kubeview

KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails
ghsa