CVE-2026-10609

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

CVE-2026-10609 Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

CVE-2026-10609

The vulnerability CVE-2026-10609 affects the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, enabling a delegated editor to exfiltrate...

EUVD-2026-38448

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

CVE-2026-10609

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.2.10

Logging for Red Hat OpenShift - 6.2.10 Red Hat OpenShift Logging 6.2.10 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...

Important: Red Hat Security Advisory: security update Logging for Red Hat OpenShift - 5.9.6

Important Logging for Red Hat OpenShift - 5.9.6 Logging for Red Hat OpenShift - 5.9.6 cluster-logging-rhel9-operator: compat-openssl11CVE-2023-0286...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.16 extras security update

Red Hat OpenShift Container Platform release 4.6.16 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVE-2020-8564

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...

CVE-2020-27816

The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link kibana console to different one, created based on the new CR for the new kibana resource. This could lead to an...