CVE-2023-22480
KubeOperator allows unauthorized access to system API
HIGH 7.3, EPSS 75.6%
Published: 1/9/2023
Modified: 11/8/2023
Description
### Summary

Unauthorized access refers to the ability to bypass the system's preset permission settings to access some API interfaces. The attack exploits a flaw in how online applications handle routing permissions.

### Affected Version

<= v3.16.3

### Patches

The vulnerability has been fixed in v3.16.3.

https://github.com/KubeOperator/KubeOperator/commit/7ef42bf1c16900d13e6376f8be5ecdbfdfb44aaf

### Workarounds

It is recommended to upgrade the version to v3.16.4.

### For more information

If you have any questions or comments about this advisory, please open an issue.

### References

https://github.com/KubeOperator/KubeOperator/releases/tag/v3.16.4
Affected packages (1)
- Go/github.com/KubeOperator/KubeOperator from 0, <= 3.16.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-22480
- PATCH: https://github.com/KubeOperator/KubeOperator
- WEB: https://github.com/KubeOperator/KubeOperator/commit/7ef42bf1c16900d13e6376f8be5ecdbfdfb44aaf
- WEB: https://github.com/KubeOperator/KubeOperator/releases/tag/v3.16.4
- WEB: https://github.com/KubeOperator/KubeOperator/security/advisories/GHSA-jxgp-jgh3-8jc8