KubeView up to and including 0.1.31 allows malicious users to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."
Vulnerable Product |
---|
kubeview project kubeview |