Lucene search
K

4 matches found

OSV
OSV
added 2026/01/16 7:14 p.m.5 views

CVE-2026-23634 Pepr Overly Permissive RBAC ClusterRole in Admin Mode

Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

6.7AI score0.00227EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/16 7:14 p.m.23 views

CVE-2026-23634 Pepr Overly Permissive RBAC ClusterRole in Admin Mode

Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

0.00227EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/16 7:14 p.m.3 views

CVE-2026-23634

Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

5.4AI score0.00227EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2026/01/15 8:14 p.m.7 views

@pepr/istio (=0.1.0), @pepr/keycloak-authsvc (>=0.3.0 <=0.6.0) potentially affected by CVE-2026-23634 via pepr (>=0.14.2 <=0.9.0)

pepr NPM version =0.14.2, =0.3.0, =0.6.0 Source cves: CVE-2026-23634 Source advisory: OSV:GHSA-W54X-R83C-X79Q...

4.3CVSS5.8AI score0.00227EPSS
Exploits0
Rows per page
Query Builder