API Security Blog

Access Restriction Bypass

kubeview is vulnerable to an access restriction bypass. The vulnerability exists in the `default` function of `api.js`: the `api/scrape/kube-system` endpoint does not require authentication, which allows an attacker to bypass the restrictions and retrieve certificate files that can be used to authenticate as `kube-admin`.
