
11 matches found

Positive Technologies
added 2025/10/28 12:0 a.m. · 2 views

PT-2025-44155

Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift AI Service, affected versions not specified. Description: A flaw exists in the TrustyAI component of Red Hat OpenShift AI Service. This component grants all service accounts and users within a cluster permissions to retrieve,...

5 CVSS · 6.1 AI score · 0.00037 EPSS
Exploits 0 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2025-9549

Malicious code in bioql PyPI...

4.3 CVSS · 4.9 AI score · 0.00264 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-9524

Malicious code in bioql PyPI...

4.3 CVSS · 4.9 AI score · 0.00268 EPSS
Exploits 0 · References 5

Cvelist
added 2025/04/02 11:9 a.m. · 19 views

CVE-2025-2842 Tempo-operator: tempo operator token exposition lead to read sensitive data

A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be...

4.3 CVSS · 0.00264 EPSS
Exploits 0 · References 5

RedhatCVE
added 2025/04/02 11:7 a.m. · 14 views

CVE-2025-2842

A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be...

4.3 CVSS · 6.9 AI score · 0.00264 EPSS
Exploits 0 · References 3

CVE
added 2025/04/02 11:7 a.m. · 108 views

CVE-2025-2786

CVE-2025-2786 affects Grafana Tempo Operator. A flaw during TempoStack/TempoMonolithic deployment creates a ServiceAccount, ClusterRole, and ClusterRoleBinding, enabling a user with full access to their namespace to extract the ServiceAccount token and use TokenReview and SubjectAccessReview requ...

4.3 CVSS · 7 AI score · 0.00268 EPSS
Exploits 0 · References 5

Positive Technologies
added 2025/04/02 12:0 a.m. · 1 views

PT-2025-14479 · Unknown · Tempo Operator

Name of the Vulnerable Software and Affected Versions: Tempo Operator, affected versions not specified. Description: A flaw was found in the Tempo Operator related to the Jaeger UI Monitor Tab functionality. When this functionality is enabled, the Operator creates a ClusterRoleBinding for the Servi...

4.3 CVSS · 4.2 AI score · 0.00264 EPSS
Exploits 0 · References 9

RedhatCVE
added 2025/02/05 12:38 p.m. · 6 views

CVE-2024-43403

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/update...

8.8 CVSS · 6.7 AI score · 0.00089 EPSS
Exploits 0 · References 1

Github Security Blog
added 2024/08/20 10:13 p.m. · 22 views

Withdrawn Advisory: Kanister vulnerable to cluster-level privilege escalation

Withdrawn Advisory: This advisory has been withdrawn because the vulnerability does not affect a released Go package. For more information, see github/advisory-database/issues/5029. Original Advisory: Summary: This advisory affects the Kanister helm charts and not the go package. Details: The kanister...

8.8 CVSS · 8.7 AI score · 0.00089 EPSS
Exploits 0 · References 5 · Affected Software 1

CVE
added 2024/08/20 9:16 p.m. · 47 views

CVE-2024-43403

Kanister (github.com/kanisterio/kanister) is affected by CVE-2024-43403 due to a deployment named default-kanister-operator bound to the Kubernetes ClusterRole edit. The edit ClusterRole includes permissive permissions (create/patch/update for daemonsets, create for serviceaccount/tokens, and imp...

8.8 CVSS · 8.7 AI score · 0.00089 EPSS
Exploits 0 · References 2

The Hacker News
added 2023/04/21 1:26 p.m. · 45 views

Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining

A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. "The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack," cloud security firm...

6.7 AI score
Exploits 0