137 matches found
Unity Linux 20.1050e / 20.1070e Security Update: kubernetes (UTSA-2026-017342)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017342 advisory. A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows...
RHCOS 4 : OpenShift Container Platform 4.4.8 openshift (RHSA-2020:2448)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2448 advisory. - kubernetes: Server side request forgery SSRF in kube-controller-manager allows users to leak secret information CVE-2020-8555 Note that...
RHCOS 4 : OpenShift Container Platform 4.2.36 openshift (RHSA-2020:2594)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2594 advisory. - kubernetes: Server side request forgery SSRF in kube-controller-manager allows users to leak secret information CVE-2020-8555 Note that...
GHSA-5W89-2C2X-6X66 vulnerabilities
Vulnerabilities for packages: nri-apache, chaos-mesh-fips, git-credential-oauth, cloud-sql-proxy-fips, mc-fips, yq-fips, flux-operator, splunk-otel-collector, istio-fips, nri-apache-fips, crossplane-provider-aws-kms-fips, smarter-device-manager-fips, tkn-fips, docker-machine-driver-harvester,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: nova-fips, mailpit-fips, kepler, fluxcd-kustomize-mutating-webhook, node-problem-detector, gpu-operator, nri-apache, php-fpmexporter, karpenter-fips, aactl, minio-operator-fips, node-problem-detector-fips, aws-network-policy-agent-fips, rclone, ctop,...
Cisco Catalyst SD-WAN Controller Authentication Bypass (cisco-sa-sdwan-rpa-EHchtZk)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an...
GO-2025-4240 Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes
Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes...
Portworx Half-Blind SSRF in kube-controller-manager
...
CVE-2025-13281
A half-blind Server-Side Request Forgery SSRF found in kube-controller-manager that can be triggered when using the legacy in-tree Portworx StorageClass. An authorized user with sufficient privileges can cause the controller to make requests to internal, host-network–accessible endpoints,...
EUVD-2025-203310
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
GHSA-R6J8-C6R2-37RR kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
CVE-2025-13281
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
AZL-72382 CVE-2025-13281 affecting package kubernetes for versions less than 1.30.10-18
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
DEBIAN-CVE-2025-13281
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
AZL-72386 CVE-2025-13281 affecting package kubernetes for versions less than 1.28.4-21
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the kube-controller-manager when using the in-tree Portworx StorageClass. An attacker can access sensitive information from unprotected endpoints within the control plane's host network, including...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the kube-controller-manager when using the in-tree Portworx StorageClass. An attacker can access sensitive information from unprotected endpoints within the control plane's host network, including...
CVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-manager
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
CVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-manager
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...