Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-87f6-8gr7-pc6h

GitHub Security Advisory

KubePi may leak password hash of any user

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

### Summary
http://kube.pi/kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password of any user (including admin). This leads to password crack attack

### PoC
https://drive.google.com/file/d/1ksdawJ1vShRJyT3wAgpqVmz-Ls6hMA7M/preview

### Impact
- Leaking confidential information.
- Can lead to password cracking attacks

Affected Packages

Go github.com/KubeOperator/kubepi
Affected versions: 0 (fixed in 1.6.5)

Related CVEs

CVE-2023-37916

Key Information

GHSA ID
GHSA-87f6-8gr7-pc6h
Published
July 21, 2023 8:18 PM
Last Modified
July 21, 2023 8:18 PM
CVSS Score
5.0 /10
Primary Ecosystem
Go
Primary Package
github.com/KubeOperator/kubepi
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.