High severity · NVD Advisory · Published Jan 14, 2023 · Updated Mar 10, 2025
KubeOperator is vulnerable to unauthorized access to system API
CVE-2023-22480
Description
KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, an API interface is exposed to unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/KubeOperator/KubeOperator (Go) | <= 3.16.3 | — |
Affected products
- Range: <= 3.16.3
References
- github.com/advisories/GHSA-jxgp-jgh3-8jc8 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-22480 (ghsa, ADVISORY)
- github.com/KubeOperator/KubeOperator/commit/7ef42bf1c16900d13e6376f8be5ecdbfdfb44aaf (ghsa, x_refsource_MISC, WEB)
- github.com/KubeOperator/KubeOperator/releases/tag/v3.16.4 (ghsa, x_refsource_MISC, WEB)
- github.com/KubeOperator/KubeOperator/security/advisories/GHSA-jxgp-jgh3-8jc8 (ghsa, x_refsource_CONFIRM, WEB)