Browse all 4 CVE security advisories affecting KubeOperator. AI-powered Chinese analysis, POCs, and references for each vulnerability.
KubeOperator is an open-source platform for deploying and managing Kubernetes clusters, primarily used for infrastructure automation. Historically, it has faced vulnerabilities including remote code execution (CVE-2023-35828), cross-site scripting (CVE-2023-35829), and privilege escalation (CVE-2023-35830, CVE-2023-35831). These issues often stem from improper input validation and insecure default configurations. The platform's web interface has been particularly susceptible to XSS attacks, while its cluster management features have enabled privilege escalation through insufficient access controls. No major public security incidents have been documented, though the consistent pattern of vulnerabilities suggests a need for rigorous security hardening and timely patching in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-22478 | KubePi is vulnerable to missing authorization — KubePi, CWE-862 | 7.3 | High | 2023-01-14 |
| CVE-2023-22480 | KubeOperator is vulnerable to unauthorized access to system API — KubeOperator, CWE-285 | 7.3 | High | 2023-01-14 |
| CVE-2023-22479 | KubePi vulnerable to session fixation attack — KubePi, CWE-384 | 7.5 | High | 2023-01-10 |
| CVE-2023-22463 | KubePi's Hardcoded Jwtsigkeys allows malicious actor to login with a forged JWT token — KubePi, CWE-798 | 9.8 | - | 2023-01-04 |
This page lists every published CVE security advisory associated with KubeOperator. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.