github.com/KubeOperator/kubepi (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/KubeOperator/kubepi, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2023-22463 — CVSS 9.8 (critical): KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same…
CVE-2023-37917 — CVSS 9.1 (critical): KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing…
CVE-2023-22479 — CVSS 7.5 (high): KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and…
CVE-2023-22478 — CVSS 7.3 (high): KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been…
CVE-2023-37916 — CVSS 6.5 (medium): KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of…