Lucene search
K

32 matches found

RedhatCVE
RedhatCVE
added 2 days ago5 views

CVE-2026-11769

A flaw was found in the Grafana Operator. This vulnerability allows a malicious user, who can create Dashboard or LibraryPanel resources for a Grafana instance, to exploit a path traversal issue within the jsonnet data templating language. This exploitation can lead to privilege escalation and...

8.8CVSS5.7AI score0.00361EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 8:51 p.m.11 views

EUVD-2026-36641

Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName...

6.4CVSS5.8AI score0.00361EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/13 6:30 a.m.5 views

Duplicate Advisory: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fcw4-wwqm-m8cf. This link is maintained to preserve external references. Original Description We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a...

8.8CVSS5.8AI score0.00361EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/13 4:17 a.m.51 views

CVE-2026-11769

Grafana Operator

8.8CVSS5.5AI score0.00361EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/05 4:32 p.m.3 views

GHSA-JJRM-HR5F-673X Source controller: Improper path handling allows traversal

Impact An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...

5.3CVSS5.6AI score0.00052EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/12 5:57 p.m.33 views

CVE-2026-42541 Kubewarden: RBAC Reconnaissance via unchecked can_i host capability call

Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions which isn't the default can craft a policy that makes use of the cani host callback. The callback issues a SubjectAccessReview SAR requests to enumerate...

4.3CVSS0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 5:57 p.m.12 views

CVE-2026-42541 Kubewarden: RBAC Reconnaissance via unchecked can_i host capability call

Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions which isn't the default can craft a policy that makes use of the cani host callback. The callback issues a SubjectAccessReview SAR requests to enumerate...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 5:57 p.m.10 views

CVE-2026-42541

CVE-2026-42541 (Kubewarden RBAC Reconnaissance) : Affected Kubewarden versions allow an attacker with privileged AdmissionPolicy/AdmissionPolicyGroup create permissions to abuse the can_i host callback, which forwards a SubjectAccessReview (SAR) to the policy-server with elevated privileges. This...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

SUSE kubewarden 安全漏洞

SUSE kubewarden is a policy engine developed by the German company SUSE. SUSE kubewarden has security vulnerabilities. These vulnerabilities stem from attackers who have privileges as AdmissionPolicy or AdmissionPolicyGroup and can exploit the canihost callback. This callback directly executes...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 9:49 p.m.6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the cani callback, which issues SubjectAccessReview requests without enforcing context-aware allow-lists. An attacker can obtain information about RBAC permissions of any user or service account across the...

5.3CVSS5.8AI score0.00171EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 9:49 p.m.4 views

GHSA-WQCW-G35J-J578 Kubewarden vulnerable to RBAC Reconnaissance via unchecked can_i host capability call

Impact Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden promises is that configured users can deploy namespaced policies in a safe manne...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/05 9:49 p.m.8 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the cani callback, which issues SubjectAccessReview requests without enforcing context-aware allow-lists. An attacker can obtain information about RBAC permissions of any user or service account across the...

5.3CVSS5.8AI score0.00171EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 9:38 p.m.6 views

GHSA-FGW5-HP8F-XFHC Istio: SSRF via RequestAuthentication jwksUri

Impact When a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhost or link local ips. This can result in sensitive data being distributed to Envoy proxies via xDS...

5CVSS5.8AI score0.00329EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/16 9:38 p.m.29 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

7.7CVSS5.8AI score0.00329EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/16 9:38 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

7.7CVSS5.8AI score0.00329EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/16 9:38 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

7.7CVSS5.8AI score0.00329EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32254

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

7.1CVSS5.8AI score0.00297EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/18 4:41 a.m.8 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 4:41 a.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/18 3:14 a.m.4 views

CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

7.1CVSS5.8AI score0.00297EPSS
Exploits1References3
Rows per page
Query Builder