The vulnerability manifests in the user search endpoint (`/api/v1/users/search`), which returns password hashes. In Go web applications, API endpoints are typically handled by controller functions. The release notes explicitly mention fixing 'user list returning sensitive information', indicating that the user management handlers were improperly exposing password fields. The function name follows standard Go API patterns, where SearchUsers would handle search requests, and the file path follows the typical project structure for API handlers.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/KubeOperator/kubepi | go | < 1.6.5 | 1.6.5 |
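
The exposure described above for the user search endpoint, as an added Go example that is not KubePi's code: a handler that encodes the stored record sends the hash to the client, while one that maps each record to a response type without a password field cannot. The `User` and `UserView` types, the `q` parameter, the GET method and the sample hash are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// User is a hypothetical stored record (not KubePi's model); Password holds the hash.
type User struct {
	Name     string `json:"name"`
	Password string `json:"password"`
}

// UserView is the response type: it has no password field to serialize.
type UserView struct{ Name string `json:"name"` }

var store = []User{{"admin", "$2a$10$CONSTRUCTED.PLACEHOLDER.HASH"}} // constructed sample

// search matches names on the assumed "q" parameter; render picks what is exposed.
func search(render func(User) interface{}) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		out := []interface{}{}
		for _, u := range store {
			if strings.Contains(u.Name, r.URL.Query().Get("q")) {
				out = append(out, render(u))
			}
		}
		json.NewEncoder(w).Encode(out)
	}
}

var (
	leakySearch = search(func(u User) interface{} { return u })                // whole record
	safeSearch  = search(func(u User) interface{} { return UserView{u.Name} }) // no hash field
)

// respond calls a handler in-process on the page's endpoint path and returns the body.
func respond(h http.HandlerFunc) string {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest("GET", "/api/v1/users/search?q=adm", nil))
	return strings.TrimSpace(rec.Body.String())
}

func main() {
	fmt.Printf("leaky: %s\nsafe:  %s\n", respond(leakySearch), respond(safeSearch))
}
```

Comparing the two bodies in a handler test, as `respond` does, catches a reintroduced password field before release.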