CVE-2023-22478

HIGH EXPLOITED NUCLEI

Fit2cloud Kubepi < 1.6.4 - Missing Authorization

Title source: rule

Description

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.

Nuclei Templates (1)

KubePi <= v1.6.4 LoginLogsSearch - Unauthorized Access

HIGHVERIFIEDby DhiyaneshDk

Shodan: html:"kubepi" || http.html:"kubepi"

FOFA: kubepi || body="kubepi"

References (3)

[Patch, Third Party Advisory] https://github.com/KubeOperator/KubePi/commit/0c6774bf5d9003ae4d60257a3f207c131ff4a6d6

View Patch ZIP pw:eip

[Release Notes, Third Party Advisory] https://github.com/KubeOperator/KubePi/releases/tag/v1.6.4

[Patch, Third Party Advisory] https://github.com/KubeOperator/KubePi/security/advisories/GHSA-gqx8-hxmv-c4v4

Scores

CVSS v3 7.3

EPSS 0.8112

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

VulnCheck KEV 2023-12-04

CWE

CWE-862

Status published

Products (2)

fit2cloud/kubepi < 1.6.4

KubeOperator/kubepi 0 - 1.6.4Go

Published Jan 14, 2023

Tracked Since Feb 18, 2026