CVE-2023-22479
Published: 2023-01-10
Priority: P4 (33) · Severity: medium · CVSS 3.1 base score: 6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.40% (percentile 32.1)
KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fit2cloud | kubepi | < 1.6.4 | 1.6.4 |
| github.com | kubeoperator_kubepi | >= 0 < 1.6.4 | 1.6.4 |
| kubeoperator | kubepi | <= 1.6.3 | — |
OSV · 2024-08-20
CVE-2023-22479: KubePi session fixation attack allows an attacker to hijack a legitimate user session, in github.com/KubeOperator/kubepi
OSV · 2023-01-09
CVE-2023-22479 [HIGH]: KubePi session fixation attack allows an attacker to hijack a legitimate user session.
### Summary
A session fixation attack allows an attacker to hijack a legitimate user session. The attack exploits a flaw in how the web application handles the session ID: the application does not issue a fresh identifier when the user authenticates, so a session ID that is known before login remains valid for the authenticated session.
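Added example (not KubePi's code and not the change in the linked commit): a minimal Go session store run in both modes, showing why a session ID issued before login must be invalidated on authentication; the store, the user name and the password check are constructed for the demonstration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
)

// store is a stand-in session backend (session ID -> user, "" until login).
// rotate=false reproduces the CWE-384 weakness; rotate=true applies the fix.
type store struct {
	users  map[string]string
	rotate bool
}

// newID returns a random 128-bit session identifier.
func newID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Login authenticates the holder of sid and returns the ID the client must use afterwards.
// The password check is a constructed placeholder, not KubePi's real authentication.
func (s *store) Login(sid, user, password string) (string, bool) {
	if _, ok := s.users[sid]; !ok || password != "correct-horse" {
		return "", false
	}
	if !s.rotate {
		s.users[sid] = user // vulnerable: an ID known before login now carries the login
		return sid, true
	}
	delete(s.users, sid) // fixed: invalidate the pre-login ID ...
	fresh := newID()     // ... and bind the user to a new, unpredictable one
	s.users[fresh] = user
	return fresh, true
}

// PreLoginIDStillAuthenticates is the regression check: after a successful login, does the
// session ID the browser held before authentication still resolve to the logged-in user?
func PreLoginIDStillAuthenticates(rotate bool) bool {
	s := &store{users: map[string]string{}, rotate: rotate}
	pre := newID() // the anonymous session issued before login
	s.users[pre] = ""
	if _, ok := s.Login(pre, "alice", "correct-horse"); !ok {
		panic("login failed")
	}
	return s.users[pre] == "alice"
}
```

Without rotation the check returns true (the pre-login ID authenticates as the user); with rotation it returns false, which is the behaviour to assert in a regression test.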
### Affected Version
<= v1.6.3
### Patches
The vulnerability has been fixed in [v1.6.4](https://github.com/KubeOperator/KubePi/releases/tag/v1.6.4).
https://github.com/KubeOperator/KubePi/commit/1e9c550356c1a425a742480efcf743d373e98dcb : A session fixation attack allows an attacker to hijack a legitimate user session.
### Workarounds
It is recommended to upgrade the version to [v1.6.4](https://github.com/KubeOperator/KubePi/releases/tag/v1.6.4).
### For more information
If you ha
GHSA · 2023-01-09
CVE-2023-22479 [HIGH] CWE-384: KubePi session fixation attack allows an attacker to hijack a legitimate user session.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.