1Panel-Dev Kubepi vulnerabilities
3 known vulnerabilities affecting 1panel-dev/kubepi.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2024-36111 | P2 | MEDIUM | CVSS 6.3 | CWE-1259 | Exploited | v >= 1.6.3, < 1.8.0 | 2024-07-25
KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the key is detected to be empty in the configuration file r
nvd
CVE-2023-37917 | P3 | HIGH | CVSS 8.8 | CWE-269 | fixed in 1.6.5 | 2023-07-21
KubePi is an open source Kubernetes management panel. A normal user has permission to create/update users, and can become admin by editing the `isadmin` value in the request. As a result, any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for t
nvd
CVE-2023-37916 | P3 | HIGH | CVSS 7.5 | CWE-200 | fixed in 1.6.5 | 2023-07-21
KubePi is an open source Kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leaks the password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaked password hashes. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workaround
nvd