606 matches found

NVD
added 2025/12/14 10:15 p.m. | 6 views

CVE-2025-13281

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

CVSS 5.8 | EPSS 0.00355
Exploits: 0 | References: 3
OSV
added 2025/12/14 10:15 p.m. | 6 views

DEBIAN-CVE-2025-13281

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

CVSS 5.8 | AI score 7.8 | EPSS 0.00355
Exploits: 0 | References: 1
Snyk
added 2025/12/14 9:39 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the kube-controller-manager when using the in-tree Portworx StorageClass. An attacker can access sensitive information from unprotected endpoints within the control plane's host network, including...

CVSS 6.9 | AI score 6.7 | EPSS 0.00355
Exploits: 0 | References: 2
CVE
added 2025/12/14 9:27 p.m. | 31 views

CVE-2025-13281

The CVE-2025-13281 entry describes a half-blind SSRF in kube-controller-manager when using the in-tree Portworx StorageClass. Affected: Kubernetes kube-controller-manager components handling Portworx StorageClass, with information disclosure risk by leaking data from unprotected endpoints in the ...

CVSS 5.8 | AI score 6.4 | EPSS 0.00355
Exploits: 0 | References: 3
Cvelist
added 2025/12/14 9:27 p.m. | 19 views

CVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-manager

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

CVSS 5.8 | EPSS 0.00355
Exploits: 0 | References: 2
AlpineLinux
added 2025/12/14 9:27 p.m. | 4 views

CVE-2025-13281

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

CVSS 5.8 | AI score 6.5 | EPSS 0.00355
Exploits: 0 | References: 3
Debian CVE
added 2025/12/14 9:27 p.m. | 5 views

CVE-2025-13281

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

CVSS 5.8 | AI score 7.8 | EPSS 0.00355
Exploits: 0
RedhatCVE
added 2025/12/10 12:28 a.m. | 5 views

CVE-2025-66432

In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date...

CVSS 5 | AI score 6.9 | EPSS 0.00194
Exploits: 0 | References: 1
Packet Storm News
added 2025/12/10 12:00 a.m. | 6 views

Lightweight Security for Private Networks: Real-World Evaluation of WireGuard

This paper explores WireGuard as a lightweight alternative to IPsec for securing the user plane as well as the control plane in an industrial Open RAN deployment at the Adtran Terafactory in Meiningen. We focus on a realistic scenario where external vendors access their hardware in our 5G factory...

AI score 7
Exploits: 0
Positive Technologies
added 2025/12/04 12:00 a.m. | 2 views

PT-2025-49178

Name of the Vulnerable Software and Affected Versions: kube-controller-manager (affected versions not specified). Description: An issue exists in kube-controller-manager when utilizing the in-tree Portworx StorageClass, allowing authorized users to potentially leak information from unprotected endpoin...

CVSS 9.8 | AI score 6.3 | EPSS 0.0063
Exploits: 3 | References: 221
EUVD
added 2025/11/30 6:30 a.m. | 4 views

EUVD-2025-199923

In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date...

CVSS 5 | AI score 6.4 | EPSS 0.00194
Exploits: 0 | References: 4
NVD
added 2025/11/30 5:16 a.m. | 4 views

CVE-2025-66432

In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date...

CVSS 5 | EPSS 0.00194
Exploits: 0 | References: 3
Cvelist
added 2025/11/30 12:00 a.m. | 5 views

CVE-2025-66432

In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date...

CVSS 5 | EPSS 0.00194
Exploits: 0 | References: 3
Vulnrichment
added 2025/11/30 12:00 a.m. | 2 views

CVE-2025-66432

In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date...

CVSS 5 | AI score 6.5 | EPSS 0.00194
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/30 12:00 a.m. | 3 views

PT-2025-48383

In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date...

CVSS 5 | AI score 6.9 | EPSS 0.00194
Exploits: 0 | References: 4
CNNVD
added 2025/11/30 12:00 a.m. | 4 views

Oxide Control Plane Security Vulnerability

Oxide Control Plane is an open source console software from Oxide Computer Company. A security vulnerability exists in Oxide Control Plane versions 15 through 17 and prior to 17.1, which stems from the possibility that API tokens may continue to be used after expiration...

CVSS 5 | AI score 6.7 | EPSS 0.00194
Exploits: 0 | References: 4
CVE
added 2025/11/30 12:00 a.m. | 10 views

CVE-2025-66432

In Oxide Control Plane versions 15–17 before 17.1, API tokens can be renewed past their expiration date. This is the core issue; no exploitation details are provided in the documents. The remediation/patch version is not explicitly stated in the supplied materials.

CVSS 5 | AI score 6.5 | EPSS 0.00194
Exploits: 0 | References: 3
Fedora
added 2025/11/25 1:42 a.m. | 8 views

[SECURITY] Fedora 42 Update: kubernetes1.33-1.33.6-1.fc42

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

CVSS 7.5 | AI score 7.5 | EPSS 0.00626
Exploits: 1
Fedora
added 2025/11/25 1:22 a.m. | 9 views

[SECURITY] Fedora 41 Update: kubernetes1.33-1.33.6-1.fc41

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

CVSS 7.5 | AI score 7.5 | EPSS 0.00626
Exploits: 1