KubePi may allow unauthorized access to system API
Description

### Summary
The following API endpoints can be accessed without authorization and leak sensitive information:

- `/kubepi/api/v1/systems/operation/logs/search`
- `/kubepi/api/v1/systems/login/logs/search`

This vulnerability also exists in https://github.com/KubeOperator/KubeOperator

### Details
The vulnerability is located in `KubePi/internal/api/v1/v1.go`.

`sp.Post("/login/logs/search", handler.LoginLogsSearch())` is registered directly on the v1 route, without any authentication middleware.

Following the handler further, there is no role-based authentication either.

`sp.Post("/operation/logs/search", handler.OperationLogsSearch())` has the same problem.
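The registration pattern described above can be caught with a regression check that sends a credential-less POST to each log-search route and fails if anything other than 401 comes back. This is an added example, not KubePi's code: it uses Go's standard `net/http` instead of the project's router, and `requireSession`, the `session` cookie name and the placeholder handler are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// The two log-search endpoints named in the advisory.
var logSearchPaths = []string{
	"/kubepi/api/v1/systems/login/logs/search",
	"/kubepi/api/v1/systems/operation/logs/search",
}

// requireSession is a hypothetical auth middleware: no "session" cookie (assumed name), no access.
func requireSession(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, err := r.Cookie("session"); err != nil {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newRouter registers both routes; protect=false leaves them outside the middleware (the reported flaw).
func newRouter(protect bool) http.Handler {
	mux := http.NewServeMux()
	for _, p := range logSearchPaths {
		mux.HandleFunc(p, func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, `{"items":[]}`) })
	}
	if protect {
		return requireSession(mux)
	}
	return mux
}

// exposedRoutes POSTs to each route without credentials and returns those not answering 401.
func exposedRoutes(h http.Handler) (exposed []string) {
	for _, p := range logSearchPaths {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, p, nil))
		if rec.Code != http.StatusUnauthorized {
			exposed = append(exposed, p)
		}
	}
	return exposed
}

func main() { fmt.Println("unprotected:", exposedRoutes(newRouter(false)), "protected:", exposedRoutes(newRouter(true))) }
```

Run against a real router, the same loop belongs in the test suite so that a route added outside the authenticated group fails the build.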

### Impact

KubePI