CVE-2022-45933

CRITICAL EXPLOITED NUCLEI

Kubeview < 0.1.31 - Missing Authentication

Title source: rule

Description

KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."

Nuclei Templates (1)

KubeView <=0.1.31 - Information Disclosure

CRITICALVERIFIEDby For3stCo1d

Shodan: http.title:"KubeView" || http.title:"kubeview" || http.favicon.hash:-379154636

FOFA: icon_hash=-379154636 || title="kubeview"

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/benc-uk/kubeview/issues/95

Scores

CVSS v3 9.8

EPSS 0.9322

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2023-11-25

CWE

CWE-306

Status published

Products (2)

benc-uk/kubeview 0Go

kubeview_project/kubeview < 0.1.31

Published Nov 27, 2022

Tracked Since Feb 18, 2026