7 matches found
CVE-2025-5088 Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session
An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...
RHCOS 3 : OpenShift Container Platform 3.11.346 (RHSA-2020:5363)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5363 advisory. - kubernetes: improper validation of URL redirection in the Kubernetes API server allows an attacker-controlled Kubelet to redirect...
EUVD-2023-1234
Malicious code in bioql PyPI...
GO-2025-3364 Karmada PULL Mode Cluster Privilege Escalation in github.com/karmada-io/karmada
Karmada PULL Mode Cluster Privilege Escalation in github.com/karmada-io/karmada...
PT-2024-29587 · Kubean · Kubean
Name of the Vulnerable Software and Affected Versions: Kubean versions prior to 0.18.0 Description: The issue concerns a cluster lifecycle management toolchain where the ClusterRole has excessive permissions, allowing a malicious user to abuse these permissions and perform any action on the whole...
Clusternet Security Vulnerability
Clusternet is an open source Kubernetes multi-cluster management tool from Clusternet that helps users manage and coordinate workloads across multiple Kubernetes clusters. A security vulnerability exists in Clusternet versions prior to 0.15.2, which stems from a vulnerability that allows an...
PT-2023-18550 · Unknown · Open Cluster Management
Name of the Vulnerable Software and Affected Versions: Open Cluster Management OCM affected versions not specified Description: A flaw was found in the Open Cluster Management OCM when a user has access to the worker nodes with the cluster-manager-registration-controller or cluster-manager...