Source |
CVE Liste |
Identifiant |
8252078 |
Date de publication |
2022-11-27 03:15:11 (vue: 2022-11-27 07:07:02) |
Titre |
CVE-2022-45933 |
Texte |
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure." |
Envoyé |
Oui |
Condensat |
2022 45933 admin allows api/scrape/kube attackers authentication because can certificate cluster control cve does exercise files fun kube kubernetes kubeview learning not note: obtain position project require retrieves secure side system through used vendor very |
Tags |
|
Stories |
Uber
|
Notes |
|
Move |
|