CVE-2023-37916 - KubePi Exposes User Password Hashes in Search Endpoint
KubePi, a widely-used open source Kubernetes management panel, is affected by a newly disclosed security vulnerability. The user search endpoint, "/kubepi/api/v1/users/search?pageNum=1&&pageSize=10", has been found to leak the password hash of every user, including admin-level accounts. Consequently, an attacker who obtains these hashes can attempt to crack them offline to recover the plaintext passwords. A fix is available in KubePi version 1.6.5, and users should upgrade promptly, as there are no known workarounds for this vulnerability.
Here's an illustrative example of the kind of handler behind the vulnerable KubePi API endpoint (Python/Flask pseudocode for exposition, not KubePi's actual source code):
from flask import Flask, jsonify

app = Flask(__name__)

# Query parameters such as ?pageNum=1&pageSize=10 are not part of the route path
@app.route('/kubepi/api/v1/users/search', methods=['GET'])
def search_users():
    users = get_users()  # the panel's user lookup (not shown)
    password_hashes = []
    for user in users:
        # Flaw: the stored password hash is copied straight into the response
        password_hashes.append(user['password_hash'])
    return jsonify(password_hashes)
As you can see, the function search_users() retrieves the list of users and then collects their password hashes, returning them as JSON to whoever calls the endpoint. Returning stored credential material, even in hashed form, from a search API is a critical security flaw.
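The hardened counterpart of the handler above, added here as an example (not KubePi's own code): the serializer projects each user record onto an allowlist of public fields so the hash field can never reach the response, and a small scanner flags credential-like keys or hash-shaped values in any JSON response body, which doubles as a regression test and as a check on a response captured from your own instance after upgrading. The user records and hashes are constructed placeholders.

```python
import re

# Constructed sample user store; the hashes are made-up placeholders in
# bcrypt format, not real credential material.
USERS = [
    {"name": "admin", "nick_name": "Administrator", "is_admin": True,
     "password_hash": "$2a$10$PLACEHOLDER.ADMIN.HASH.VALUE.NOT.A.REAL.HASH.000000"},
    {"name": "dev", "nick_name": "Developer", "is_admin": False,
     "password_hash": "$2a$10$PLACEHOLDER.DEV.HASH.VALUE.NOT.A.REAL.HASH.0000000"},
]

def search_users_vulnerable(users):
    """Mirrors the flawed handler: copies every stored hash into the response."""
    return [u["password_hash"] for u in users]

# Hardened form: an allowlist of the fields a search caller legitimately needs.
# Anything not named here (password_hash included) never reaches the serializer.
PUBLIC_USER_FIELDS = ("name", "nick_name", "is_admin")

def to_public_user(user):
    """Project a stored user record onto the allowlisted fields only."""
    return {k: user[k] for k in PUBLIC_USER_FIELDS if k in user}

def search_users_safe(users, page_num=1, page_size=10):
    """Paginate (pageNum/pageSize as in the endpoint) and serialize safely."""
    start = max(page_num - 1, 0) * page_size
    return [to_public_user(u) for u in users[start:start + page_size]]

# Detection: scan a JSON response body for credential-like key names or for
# values shaped like bcrypt/argon2/pbkdf2/crypt hashes.
SECRET_KEY_RE = re.compile(r"password|passwd|pwd|hash|secret", re.I)
HASH_VALUE_RE = re.compile(r"^\$(2[abxy]|argon2(id|i|d)|pbkdf2[-\w]*|5|6)\$")

def find_leaks(obj, path="$"):
    """Return JSONPath-like locations where credential material appears."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}"
            if SECRET_KEY_RE.search(str(key)):
                hits.append(here)            # key name alone is enough to flag
            else:
                hits.extend(find_leaks(value, here))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            hits.extend(find_leaks(value, f"{path}[{i}]"))
    elif isinstance(obj, str) and HASH_VALUE_RE.match(obj):
        hits.append(path)
    return hits
```

Running find_leaks over the vulnerable output reports every element, while the allowlisted output reports nothing; the same function can be pointed at a parsed response body from a live instance to confirm the upgrade closed the leak.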
Exploit Details
A potential attack involving this vulnerability is straightforward. An attacker would send HTTP GET requests to the vulnerable endpoint and parse the response to obtain the password hashes of all users on the platform. With this data in hand, the attacker could then invest time and resources into cracking the hashes offline to recover the original plaintext passwords.
Links to Original References
For more information about the CVE-2023-37916 vulnerability and the steps being taken to minimize its impact, you can refer to the following resources:
1. Official Vulnerability Report
2. KubePi GitHub Repository
3. KubePi Release Notes for v1.6.5
4. National Vulnerability Database (NVD) Entry
Mitigation Steps
As previously mentioned, there is no known workaround for this vulnerability. Users are therefore urged to upgrade their KubePi installation to version 1.6.5, which addresses the issue so that password hashes are no longer returned by the API endpoint.
To upgrade, follow the steps provided in the KubePi documentation for your specific deployment environment.
Conclusion
Security vulnerabilities like CVE-2023-37916 pose a significant threat to any platform, especially to those responsible for managing Kubernetes clusters. Therefore, it is very important for KubePi users to upgrade to version 1.6.5 immediately. Doing so will protect them from this exposure and any potential exploitation attempts.
Remember: stay vigilant, stay informed, and always prioritize the security of your systems.
Timeline
Published on: 07/21/2023 21:15:00 UTC
Last modified on: 07/31/2023 18:32:00 UTC