CVE-2023-22480
HIGH | NUCLEI | KubeOperator < 3.16.4 - Improper Authorization
Title source: llm
Exploitation Summary
CVE-2023-22480 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces can be accessed by unauthorized entities and can leak sensitive information. Under certain conditions this vulnerability could be used to take over the cluster. This issue has been patched in version 3.16.4.
Nuclei Templates (1)
KubeOperator Foreground `kubeconfig` - File Download
CRITICAL | VERIFIED | by DhiyaneshDk
Shodan:
html:"KubeOperator" || http.html:"kubeoperator"
FOFA:
app="KubeOperator" || body="kubeoperator" || app="kubeoperator"
References (3)
Core References (3)
Patch, Third Party Advisory x_refsource_confirm
https://github.com/KubeOperator/KubeOperator/security/advisories/GHSA-jxgp-jgh3-8jc8
Patch, Third Party Advisory x_refsource_misc
https://github.com/KubeOperator/KubeOperator/commit/7ef42bf1c16900d13e6376f8be5ecdbfdfb44aaf
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/KubeOperator/KubeOperator/releases/tag/v3.16.4
Scores
CVSS v3
7.3
EPSS
0.6677
EPSS Percentile
99.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-285
CWE-863
Status
published
Products (2)
fit2cloud/kubeoperator
< 3.16.4
KubeOperator/KubeOperator
Language: Go
Published
Jan 14, 2023
Tracked Since
Feb 18, 2026