391 matches found
podman security update
5.8.2-3.0.1 - Rework CNI/Netavark detection logic JIRA: EVG-3769 - Rebuild on new golang to support experimental GODEBUG fipsnoenforceems - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117404 6:5.8.2-3 - Rebuild for CVE-2026-32283 - Resolves: RHEL-167685 6:5.8.2-2 - Rebui...
CVE-2026-41185
When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...
CVE-2026-41184
In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder Canal/Flannel-Calico deployments, the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...
GHSA-9P7W-W5Q6-MXJ3 Calico Inserts Sensitive Information into Log File
In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder Canal/Flannel-Calico deployments, the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...
GHSA-M67G-87RX-V42C Calico Inserts Sensitive Information into Log File
When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...
CVE-2026-41184
In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder Canal/Flannel-Calico deployments, the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...
CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs
In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder Canal/Flannel-Calico deployments, the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...
EUVD-2026-32931
In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder Canal/Flannel-Calico deployments, the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...
CVE-2026-41185 ServiceAccount token disclosure via Azure IPAM CNI plugin logs
When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...
CVE-2026-41185 ServiceAccount token disclosure via Azure IPAM CNI plugin logs
When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...
CVE-2026-41185
When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...
EUVD-2026-32933
When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...
CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs
In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder Canal/Flannel-Calico deployments, the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...
PT-2026-44410
Name of the Vulnerable Software and Affected Versions Calico affected versions not specified Description When configured with the Azure IPAM plugin, the Calico CNI binary modifies the incoming CNI configuration to include subnet information before passing it to the IPAM plugin. The Azure IPAM...
PT-2026-44409
Name of the Vulnerable Software and Affected Versions Calico affected versions not specified Description The install-cni init container logs the rendered CNI configuration to standard output. In Canal or Flannel-Calico deployments where the configuration template uses the SERVICEACCOUNT TOKEN...
Amazon Linux 2 : cni-plugins, --advisory ALAS2-2026-3311 (ALAS-2026-3311)
The version of cni-plugins installed on the remote host is prior to 1.7.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3311 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta...
Amazon Linux 2023 : cni-plugins (ALAS2023-2026-1723)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1723 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBU...
Important: cni-plugins
Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...
RHEL 9 : containernetworking-plugins (RHSA-2026:20608)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20608 advisory. The Container Network Interface CNI project consists of a specification and libraries for writing plug- ins for configuring network...
Important: cni-plugins
Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...