CVE-2023-22479

Summary

KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4.

Affected Software

VendorProductVersion RangeStatus
KubeOperatorKubePi<= 1.6.3affected

Weaknesses

  • CWE-384: CWE-384: Session Fixation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References