[minikube] ssh server with default password
CVE-2023-1944

8.4HIGH

Key Information:

Vendor: Kubernetes
Status: Minikube
Vendor: CVE Published:; 24 May 2023

Summary

A vulnerability exists in Minikube allowing unauthorized SSH access to the Minikube container due to the use of a default password. This can potentially expose sensitive information and enable malicious actors to manipulate container configurations or initiate unauthorized actions. Users are encouraged to secure SSH access by changing the default password and implementing stronger authentication measures.

Affected Version(s)

minikube <= 1.29.0

References

https://github.com/kubernetes/minikube

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2023
Vulnerability Reserved
Apr 7, 2023