![KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现 KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现](https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/05/8-1684457268.png)
前言
KubeOperator是一个开源的轻量级 Kubernetes 发行版,专注于帮助企业规划、部署和运营生产级别的 K8s 集群。
KubeOperator 3.16.4之前版本存在授权问题漏洞,该漏洞源于API与未经授权的实体交互,由于下载kubeconfig的路径不需要身份认证,导致攻击者可直接下载kubeconfig获取相关敏感信息。
![KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现 KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现](https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/05/10-1684457269.png)
![KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现 KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现](https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/05/6-1684457269.png)
漏洞复现
一、漏洞影响:
KubeOperator < 3.16.4
二、Fofa搜索:
app=”KubeOperator”
三、危害等级
超危
四、漏洞复现:
1、访问登录页
2、默认账户密码登陆,
默认账号密码:admin/kubeoperator@admin123
当集群存在时可通过接口未授权下载配置文件,下图可以看到集群名称为k8s
验证POC (k8s为集群名称,不固定)
/api/v1/clusters/kubeconfig/k8s
![KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现 KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现](https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/05/9-1684457271.png)
![KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现 KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现](https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/05/2-1684457271.png)
漏洞修复
官方补丁:
https://github.com/KubeOperator/KubeOperator/releases/tag/v3.16.4
在补丁中修复了配置文件下载接口的未授权
![KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现 KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现](https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/05/9-1684457272.png)
![KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现 KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现](https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/05/1-1684457272.gif)
END
![KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现 KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现](https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/05/7-1684457272.gif)
• 往期精选
![KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现 KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现](https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/05/10-1684457273.png)
![KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现 KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现](https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/05/5-1684457273.png)
![KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现 KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现](https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/05/0-1684457273.png)
下方点击关注发现更多精彩
原文始发于微信公众号(银河护卫队super):KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现