All 6 CVE vulnerabilities found in KubePi, with AI-generated Chinese analysis, references, and POCs.
Vendor: KubeOperator
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-36111 | KubePi's JWT token validation has a defect CWE-1259 | 6.3 | Medium | 2024-07-25 |
| CVE-2023-37916 | Leak password hash of any user CWE-200 | 6.5 | Medium | 2023-07-21 |
| CVE-2023-37917 | Privilege Escalation in kubepi CWE-269 | 9.1 | Critical | 2023-07-21 |
| CVE-2023-22478 | KubePi is vulnerable to missing authorization CWE-862 | 7.3 | High | 2023-01-14 |
| CVE-2023-22479 | KubePi vulnerable to session fixation attack CWE-384 | 7.5 | High | 2023-01-10 |
| CVE-2023-22463 | KubePi's Hardcoded Jwtsigkeys allows malicious actor to login with a forged JWT token CWE-798 | 9.8 | - | 2023-01-04 |
All 6 known CVE vulnerabilities affecting KubePi with full Chinese analysis, references, and POCs where available.