365 matches found
CVE-2026-33814 affecting package cert-manager for versions less than 1.12.15-9
CVE-2026-33814 affecting package cert-manager for versions less than 1.12.15-9. A patched version of the package is available...
GHSA-H524-452V-82P9 vulnerabilities
Vulnerabilities for packages: cert-manager-webhook-pdns, cluster-proportional-autoscaler, tekton-chains, envoy-gateway, crossplane-provider-aws-route53, cluster-api, bento, apisix-ingress-controller, argo-events, nova, gitlab-runner, cluster-api-helm-controller,...
CVE-2026-42504 vulnerabilities
Vulnerabilities for packages: cert-manager-webhook-pdns, cluster-proportional-autoscaler, tekton-chains, envoy-gateway, crossplane-provider-aws-route53, cluster-api, bento, apisix-ingress-controller, argo-events, nova, gitlab-runner, cluster-api-helm-controller,...
GHSA-4279-Q6MJ-392R vulnerabilities
Vulnerabilities for packages: cert-manager-webhook-pdns, cluster-proportional-autoscaler, tekton-chains, envoy-gateway, cloud-provider-aws, crossplane-provider-aws-route53, cluster-api, kuma, witness, bento, pgpool2exporter, apisix-ingress-controller, argo-events, nova, gitlab-runner,...
CVE-2026-27145 vulnerabilities
Vulnerabilities for packages: cert-manager-webhook-pdns, cluster-proportional-autoscaler, tekton-chains, envoy-gateway, cloud-provider-aws, crossplane-provider-aws-route53, cluster-api, kuma, witness, bento, pgpool2exporter, apisix-ingress-controller, argo-events, nova, gitlab-runner,...
GHSA-H3GM-Q7M7-MP28 vulnerabilities
Vulnerabilities for packages: cert-manager-webhook-pdns, cluster-proportional-autoscaler, tekton-chains, envoy-gateway, cloud-provider-aws, crossplane-provider-aws-route53, cluster-api, kuma, witness, bento, pgpool2exporter, apisix-ingress-controller, argo-events, nova, gitlab-runner,...
CVE-2026-42507 vulnerabilities
Vulnerabilities for packages: cert-manager-webhook-pdns, cluster-proportional-autoscaler, tekton-chains, envoy-gateway, cloud-provider-aws, crossplane-provider-aws-route53, cluster-api, kuma, witness, bento, pgpool2exporter, apisix-ingress-controller, argo-events, nova, gitlab-runner,...
CVE-2026-42504 vulnerabilities
Vulnerabilities for packages: mailpit-fips, gpu-operator, karpenter-fips, aactl, minio-operator-fips, rancher-fleet, crossplane-provider-azure-netapp, crossplane-provider-aws-emrserverless, kyverno-notation-aws-fips, authservice-fips, consul-k8s-fips, crossplane-provider-aws-ssm-fips, cephcsi-fip...
GHSA-H524-452V-82P9 vulnerabilities
Vulnerabilities for packages: mailpit-fips, gpu-operator, karpenter-fips, aactl, minio-operator-fips, rancher-fleet, crossplane-provider-azure-netapp, crossplane-provider-aws-emrserverless, kyverno-notation-aws-fips, authservice-fips, consul-k8s-fips, crossplane-provider-aws-ssm-fips, cephcsi-fip...
CVE-2026-42507 vulnerabilities
Vulnerabilities for packages: mailpit-fips, nri-apache, node-problem-detector, gpu-operator, octo-sts, karpenter-fips, aactl, minio-operator-fips, node-problem-detector-fips, ctop, omnibump, cloud-sql-proxy-fips, mc-fips, rancher-fleet, crossplane-provider-azure-netapp,...
CVE-2026-27145 vulnerabilities
Vulnerabilities for packages: mailpit-fips, nri-apache, node-problem-detector, gpu-operator, octo-sts, karpenter-fips, aactl, minio-operator-fips, node-problem-detector-fips, ctop, omnibump, cloud-sql-proxy-fips, mc-fips, rancher-fleet, crossplane-provider-azure-netapp,...
GHSA-4279-Q6MJ-392R vulnerabilities
Vulnerabilities for packages: mailpit-fips, nri-apache, node-problem-detector, gpu-operator, octo-sts, karpenter-fips, aactl, minio-operator-fips, node-problem-detector-fips, ctop, omnibump, cloud-sql-proxy-fips, mc-fips, rancher-fleet, crossplane-provider-azure-netapp,...
GHSA-H3GM-Q7M7-MP28 vulnerabilities
Vulnerabilities for packages: mailpit-fips, nri-apache, node-problem-detector, gpu-operator, octo-sts, karpenter-fips, aactl, minio-operator-fips, node-problem-detector-fips, ctop, omnibump, cloud-sql-proxy-fips, mc-fips, rancher-fleet, crossplane-provider-azure-netapp,...
CVE-2026-10840
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
CVE-2026-10840 Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
CVE-2026-10840
CVE-2026-10840 concerns the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role. When Kueue or cert-manager CRDs are present, any authenticated...
CVE-2026-10840
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
EUVD-2026-34248
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
CVE-2026-10840
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
PT-2026-46191
Name of the Vulnerable Software and Affected Versions OpenShift Pipelines operator affected versions not specified Description A flaw in the OpenShift Pipelines operator occurs because the tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue...