143 matches found

CVE
added 2023/10/09 7:06 p.m. · 42 views

CVE-2023-44392

CVE-2023-44392 affects Garden prior to versions 0.13.17 (Bonsai) and 0.12.65 (Acorn). The vulnerability arises from the cryo library’s insecure deserialization, used by Garden to cache test/run results in Kubernetes ConfigMaps named with prefixes like test-result and run-result stored in either t...

CVSS 9 · AI score 9.3 · EPSS 0.07329
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/10/09 7:06 p.m. · 11 views

CVE-2023-44392 Arbitrary code execution vulnerability when using shared Kubernetes cluster

Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...

CVSS 8.2 · AI score 9.3 · EPSS 0.07329
Exploits 0 · References 4

Vulnrichment
added 2023/10/09 7:06 p.m. · 9 views

CVE-2023-44392 Arbitrary code execution vulnerability when using shared Kubernetes cluster

Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...

CVSS 8.2 · AI score 7.7 · EPSS 0.07329
Exploits 0 · References 2

Chainguard
added 2023/10/05 9:15 p.m. · 319 views

CVE-2023-39323 vulnerabilities

Vulnerabilities for packages: configmap-reload-fips, metrics-server, smarter-device-manager-fips, kind, falco...

CVSS 8.1 · AI score 6.6 · EPSS 0.0006
Exploits 0

Github Security Blog
added 2023/02/08 12:35 a.m. · 117 views

Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing

CVE-2019-11253 is a denial of service vulnerability in the kube-apiserver, allowing authorized users sending malicious YAML or JSON payloads to cause kube-apiserver to consume excessive CPU or memory, potentially crashing and becoming unavailable. When creating a ConfigMap object which has...

CVSS 7.5 · AI score 8.5 · EPSS 0.84511
Exploits 2 · References 8 · Affected Software 1

OSV
added 2023/02/08 12:35 a.m. · 66 views

GHSA-74FP-R6JW-H4MP Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing

CVE-2019-11253 is a denial of service vulnerability in the kube-apiserver, allowing authorized users sending malicious YAML or JSON payloads to cause kube-apiserver to consume excessive CPU or memory, potentially crashing and becoming unavailable. When creating a ConfigMap object which has...

CVSS 7.5 · AI score 7.4 · EPSS 0.84511
Exploits 2 · References 8

OSV
added 2022/09/14 3:15 a.m. · 1 view

CVE-2020-19587

Cross Site Scripting XSS vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI...

CVSS 5.4 · AI score 6 · EPSS 0.00211
Exploits 1 · References 2

Prion
added 2022/09/14 3:15 a.m. · 14 views

Cross site scripting

Cross Site Scripting XSS vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI...

CVSS 4.9 · AI score 5.5 · EPSS 0.00211
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2022/09/14 2:54 a.m. · 17 views

CVE-2020-19587

Cross Site Scripting XSS vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI...

AI score 5.5 · EPSS 0.00211
Exploits 1 · References 2

RedhatCVE
added 2022/07/14 8:44 a.m. · 37 views

CVE-2022-2403

A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. This flaw allows a malicious user to read the...

CVSS 7.7 · AI score 6.4 · EPSS 0.00244
Exploits 0 · References 3

Prion
added 2022/07/12 10:15 p.m. · 18 views

Input validation

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious or otherwise untrustworthy OpenID Connect OIDC...

CVSS 5.1 · AI score 8.9 · EPSS 0.00254
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2022/07/12 10:05 p.m. · 15 views

CVE-2022-31105 Argo CD's certificate verification is skipped for connections to OIDC providers

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious or otherwise untrustworthy OpenID Connect OIDC...

CVSS 8.3 · AI score 9.2 · EPSS 0.00254
Exploits 0 · References 3

Positive Technologies
added 2022/07/12 12:00 a.m. · 3 views

PT-2022-4053 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 0.4.0 through 2.2.10 Argo CD versions 2.3.0 through 2.3.5 Argo CD versions 2.4.0 through 2.4.4 Description: The issue is related to an improper certificate validation bug in Argo CD, which could cause it to trust a malicious...

CVSS 10 · AI score 7.1 · EPSS 0.00254
Exploits 0 · References 10

OSV
added 2022/05/13 1:38 a.m. · 21 views

GHSA-MM7G-F2GG-CW8G Kubernetes arbitrary file overwrite

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running...

CVSS 5.6 · AI score 6 · EPSS 0.00265
Exploits 0 · References 4

ArchLinux
added 2021/11/18 12:00 a.m. · 32 views

[ASA-202111-7] kubectl-ingress-nginx: information disclosure

Arch Linux Security Advisory ASA-202111-7 ========================================= Severity: High Date : 2021-11-18 CVE-ID : CVE-2021-25742 Package : kubectl-ingress-nginx Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2490 Summary ======= The package...

CVSS 7.6 · AI score 6.5 · EPSS 0.00611
Exploits 1 · References 7

RedHat Linux
added 2020/07/27 1:50 p.m. · 1 view

Moderate: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11.248 bug fix and enhancement update

Red Hat OpenShift Container Platform release 3.11.248 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clou...

CVSS 6.5 · AI score 6.2 · EPSS 0.001
Exploits 0 · References 17

Tenable Nessus
added 2019/05/03 12:00 a.m. · 38 views

Kubernetes 1.3.x < 1.7.14 / 1.8.x < 1.8.9 / 1.9.x < 1.9.4 multiple vulnerabilities

The version of Kubernetes installed on the remote host is version 1.3.x prior to 1.7.14, 1.8.x prior to 1.8.9 or 1.9.x prior to 1.9.4. It is, therefore, affected by multiple vulnerabilities. - An arbitrary file access vulnerability exists in containers using subpath volume mounts. An authenticate...

CVSS 9.6 · AI score 7.5 · EPSS 0.33507
Exploits 2 · References 3

IBM Security Bulletins
added 2019/01/14 9:00 p.m. · 11 views

Security Bulletin: A Security Vulnerability could affect IBM Cloud Private

Summary IBM Cloud Private could allow a remote attacker to bypass security restrictions due to Calico CNI Logging which can expose Kubernetes service account tokens Vulnerability Details CVEID: Not Applicable DESCRIPTION: Project Calico could allow a local attacker to obtain sensitive information...

Exploits 0 · Affected Software 1

Prion
added 2018/03/13 5:29 p.m. · 26 views
Design/Logic Flaw

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running...

CVSS 6.3 · AI score 5.8 · EPSS 0.00265
Exploits 0 · References 2 · Affected Software 1

OSV
added 2018/03/13 5:29 p.m. · 18 views

CVE-2017-1002102

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running...

CVSS 5.6 · AI score 5.8
Exploits 0 · References 2