CVE-2022-45933 Information

Description

KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor’s position is that KubeView was a un side project and a learning exercise\ and not ery secure.\

Reference

https://github.com/benc-uk/kubeview/issues/95