CVE-2023-37917
Published 2023-07-21
Priority P3 53 · high · 8.8 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS 0.61% (45.0th percentile)
KubePi is an open-source Kubernetes management panel. A normal user has permission to create/update users and can become admin by editing the `isadmin` value in the request. As a result, any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 1panel-dev | kubepi | < 1.6.5 | 1.6.5 |
| fit2cloud | kubepi | < 1.6.5 | 1.6.5 |
| github.com | kubeoperator_kubepi | >= 0 < 1.6.5 | 1.6.5 |
OSV
KubePi Privilege Escalation vulnerability in github.com/KubeOperator/kubepi
osv·2024-08-20
CVE-2023-37917 KubePi Privilege Escalation vulnerability in github.com/KubeOperator/kubepi
GHSA
KubePi Privilege Escalation vulnerability
ghsa·2023-07-21
CVE-2023-37917 [CRITICAL] CWE-269 KubePi Privilege Escalation vulnerability
### Summary
A normal user has permission to create/update users and can become admin by editing the `isadmin` value in the request.
### PoC
Change the value of the `isadmin` field in the request to true:
https://drive.google.com/file/d/1e8XJbIFIDXaFiL-dqn0a0b6u7o3CwqSG/preview
### Impact
Elevate user privileges
OSV
KubePi Privilege Escalation vulnerability
osv·2023-07-21
CVE-2023-37917 [CRITICAL] KubePi Privilege Escalation vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-07-21