Improper Authentication Affecting devspace package, versions <4.14.0-beta.1
Threat Intelligence
EPSS
0.98% (84th percentile)
- Snyk ID SNYK-JS-DEVSPACE-6017319
- published 20 Oct 2023
- disclosed 24 May 2022
- credit Barak Tawily, Amit De-Paz
How to fix?
Upgrade devspace to version 4.14.0-beta.1 or higher.
Overview
Affected versions of this package are vulnerable to Improper Authentication due to improper authentication for the WebSocket protocol in the UI. An attacker can execute actions on pods on behalf of a victim, leading to remote code execution.
CVSS Scores
version 3.1