CVE-2022-45933
published 2022-11-27
CVE-2022-45933: KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and…
Priority: P188 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 51.70% (98.8th percentile)
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | benc-uk_kubeview | 0 – 0.1.31 | — |
| kubeview_project | kubeview | <= 0.1.31 | — |
Detection & IOCs (extracted from sources)
yara
words: ['BEGIN CERTIFICATE', 'END CERTIFICATE', 'kubernetes.io'] condition: and
- Send an unauthenticated HTTP GET request to /api/scrape/kube-system; a vulnerable KubeView instance will return a 200 response containing Kubernetes certificate data (BEGIN CERTIFICATE / END CERTIFICATE) and references to kubernetes.io
- Identify exposed KubeView instances via Shodan using favicon hash -379154636 or title searches for 'KubeView'/'kubeview'
- Identify exposed KubeView instances via FOFA using icon_hash=-379154636 or title="kubeview"
- Identify exposed KubeView instances via Google dork: intitle:"kubeview"
- The vulnerable endpoint /api/scrape/kube-system requires NO authentication in KubeView <=0.1.31; any network-accessible instance is exploitable without credentials
- The vendor acknowledged KubeView was a 'fun side project and learning exercise' and not designed to be secure; treat any deployment as inherently untrustworthy
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 9.8 CRITICAL
OSV
KubeView vulnerable to full cluster takeover due to improper authentication
osv·2022-11-27
CVE-2022-45933 [CRITICAL] KubeView vulnerable to full cluster takeover due to improper authentication
GHSA
KubeView vulnerable to full cluster takeover due to improper authentication
ghsa·2022-11-27
CVE-2022-45933 [CRITICAL] CWE-287 KubeView vulnerable to full cluster takeover due to improper authentication
VulnCheck
kubeview_project kubeview Missing Authentication for Critical Function
vulncheck·2022·CVSS 9.8
CVE-2022-45933 [CRITICAL] kubeview_project kubeview Missing Authentication for Critical Function
Affected: kubeview_project kubeview
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-25&host_type=src&vulnerability=cve-2022-45933; https://dashboard.shadowser
Nuclei
KubeView <=0.1.31 - Information Disclosure
nuclei·CVSS 9.8
CVE-2022-45933 [CRITICAL] KubeView <=0.1.31 - Information Disclosure
KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. An attacker can thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
Template:

```yaml
id: CVE-2022-45933

info:
  name: KubeView <=0.1.31 - Information Disclosure
  author: For3stCo1d
  severity: critical
  description: |
    KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used
```