golang / vulndb

[mirror] The Go Vulnerability Database

x/vulndb: potential Go vuln in github.com/KubeOperator/kubepi: GHSA-87f6-8gr7-pc6h #1957

Closed GoVulnBot closed 1 year ago

GoVulnBot commented 1 year ago

In GitHub Security Advisory GHSA-87f6-8gr7-pc6h, there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| --- | --- | --- |
| github.com/KubeOperator/kubepi | 1.6.5 | < 1.6.5 |

Cross references:

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/KubeOperator/kubepi
      versions:
        - fixed: 1.6.5
      vulnerable_at: 1.6.4
      packages:
        - package: github.com/KubeOperator/kubepi
summary: KubePi may leak password hash of any user
description: |-
    ### Summary
    http://kube.pi/kubepi/api/v1/users/search?pageNum=1&&pageSize=10
    leak password of any user (including admin). This leads to password crack attack

    ### PoC
    https://drive.google.com/file/d/1ksdawJ1vShRJyT3wAgpqVmz-Ls6hMA7M/preview

    ### Impact
    - Leaking confidential information.
    - Can lead to password cracking attacks
cves:
    - CVE-2023-37916
ghsas:
    - GHSA-87f6-8gr7-pc6h
references:
    - advisory: https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-87f6-8gr7-pc6h
    - web: https://drive.google.com/file/d/1ksdawJ1vShRJyT3wAgpqVmz-Ls6hMA7M/preview
    - web: https://github.com/1Panel-dev/KubePi/releases/tag/v1.6.5
    - advisory: https://github.com/advisories/GHSA-87f6-8gr7-pc6h
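A frequent root cause of this bug class is serialising the internal user record straight into the API response, so the stored hash rides along with the search results. The following is an added Go example, not KubePi's code or its actual fix: the leaking struct sits beside the hardened one (`json:"-"` on the hash field) together with a regression check; the field names, the placeholder hash and the `LeaksHash` helper are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed placeholder standing in for a stored bcrypt hash.
const sampleHash = "$2a$10$PLACEHOLDER.NOT.A.REAL.HASH"

// leakyUser is the shape that leaks: encoding/json emits every exported
// field, so the stored hash rides along with every search result.
type leakyUser struct {
	Name         string `json:"name"`
	IsAdmin      bool   `json:"isAdmin"`
	PasswordHash string `json:"password"`
}

// safeUser keeps the hash for authentication, but the "-" tag makes
// encoding/json skip it, so no response body can carry it.
type safeUser struct {
	Name         string `json:"name"`
	IsAdmin      bool   `json:"isAdmin"`
	PasswordHash string `json:"-"`
}

// searchBody mimics a user search endpoint serialising its result list.
func searchBody(users interface{}) string {
	b, err := json.Marshal(users)
	if err != nil {
		panic(err)
	}
	return string(b)
}

// LeakyBody and SafeBody serialise the same record through each struct.
func LeakyBody() string { return searchBody([]leakyUser{{"admin", true, sampleHash}}) }
func SafeBody() string  { return searchBody([]safeUser{{"admin", true, sampleHash}}) }

// LeaksHash is the regression check to keep in a test suite: it reports
// whether a stored hash appears anywhere in a response body.
func LeaksHash(body, hash string) bool { return strings.Contains(body, hash) }

func main() {
	fmt.Println("leaky:", LeakyBody(), "leaks:", LeaksHash(LeakyBody(), sampleHash))
	fmt.Println("safe: ", SafeBody(), "leaks:", LeaksHash(SafeBody(), sampleHash))
}
```

A dedicated response type without a hash field works equally well; the point is that the check runs against the real response body, not the struct definition.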
gopherbot commented 1 year ago

Change https://go.dev/cl/514636 mentions this issue: data/excluded: batch add 31 excluded reports

gopherbot commented 5 months ago

Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports

gopherbot commented 2 months ago

Change https://go.dev/cl/606789 mentions this issue: data/reports: unexclude 20 reports (9)