CVE-2022-45933
published 2022-11-27

Priority: P188
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 51.70% (98.8th percentile)

KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."

Affected

2 ranges
Vendor | Product | Version range | Fixed in
github.com | benc-uk_kubeview | 0 – 0.1.31 | -
kubeview_project | kubeview | <= 0.1.31 | -

Detection & IOCs (extracted from sources)

url: /api/scrape/kube-system
other: http.title:"KubeView"
other: http.favicon.hash:-379154636
other: icon_hash=-379154636
yara: words: ['BEGIN CERTIFICATE', 'END CERTIFICATE', 'kubernetes.io'] condition: and
  • Send an unauthenticated HTTP GET request to /api/scrape/kube-system; a vulnerable KubeView instance will return a 200 response containing Kubernetes certificate data (BEGIN CERTIFICATE / END CERTIFICATE) and references to kubernetes.io
  • Identify exposed KubeView instances via Shodan using favicon hash -379154636 or title searches for 'KubeView'/'kubeview'
  • Identify exposed KubeView instances via FOFA using icon_hash=-379154636 or title="kubeview"
  • Identify exposed KubeView instances via Google dork: intitle:"kubeview"
  • The vulnerable endpoint /api/scrape/kube-system requires NO authentication in KubeView <=0.1.31; any network-accessible instance is exploitable without credentials
  • The vendor acknowledged KubeView was a 'fun side project and learning exercise' and not designed to be secure; treat any deployment as inherently untrustworthy

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck | 9.8 | CRITICAL