Lucene search
K

322 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2 days ago3 views

Security Bulletin: Nomad vulnerable to cross-namespace host volume claim deletion

Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace...

4.2CVSS5.9AI score0.0016EPSS
Exploits0Affected Software1
NVD
NVD
added 2 days ago5 views

CVE-2026-14896

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS0.0016EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42392

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS6AI score0.0016EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-14896

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature, potentially allowing an operator with host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. Root cau...

4.2CVSS6AI score0.0016EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-14896 Nomad vulnerable to cross-namespace host volume claim deletion

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS0.0016EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2 days ago6 views

Nomad vulnerable to cross-namespace host volume claim deletion

Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace...

4.2CVSS6.1AI score0.0016EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-53935 CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation

Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...

6.9CVSS0.00341EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-53935

Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...

6.9CVSS6AI score0.00341EPSS
Exploits0References8Affected Software1
CVE
CVE
added 3 days ago12 views

CVE-2026-53935

Summary: CVE-2026-53935 affects Cilium versions prior to 1.17.16, 1.18.2–1.18.9, and 1.19.0–1.19.3. An attacker who can create a CiliumLocalRedirectPolicy may specify arbitrary ClusterIPs via addressMatcher, enabling cross-namespace traffic hijacking to Services and bypassing serviceMatcher names...

6.9CVSS6AI score0.00341EPSS
Exploits0References7
OSV
OSV
added 3 days ago5 views

GO-2026-5914 CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation in github.com/cilium/cilium

CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation in github.com/cilium/cilium...

6.9CVSS5.9AI score0.00341EPSS
Exploits0References4
NVD
NVD
added 4 days ago5 views

CVE-2026-54765

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

8.5CVSS0.00346EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 4 days ago6 views

CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation

Impact Users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, which enables hijacking traffic to Services in any namespace, bypassing the namespace-scoping guarantees enforced by serviceMatcher. In addition, deleting such a policy can...

6.9CVSS6AI score0.00341EPSS
Exploits0References5Affected Software1
CVE
CVE
added 4 days ago20 views

CVE-2026-54765

CVE-2026-54765 affects Traefik v3.7.0 through v3.7.5, fixed in v3.7.6. In the Kubernetes Gateway API provider, two accepted HTTPRoutes targeting the same backend Service:port can have different backendRef filters, with only one route’s filter set applied to all requests. This can allow a route’s ...

8.5CVSS5.9AI score0.00346EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-54765

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

6.3CVSS5.9AI score0.00346EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago15 views

PT-2026-56012

Name of the Vulnerable Software and Affected Versions Traefik versions 3.7.0 through 3.7.5 Description Traefik's Kubernetes Gateway API provider may incorrectly resolve two accepted HTTPRoutes that target the same backend Service:port but use different backendRef filters for the same child servic...

8.5CVSS5.9AI score0.00346EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/02 4:0 p.m.35 views

CVE-2026-44935 Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants...

9.9CVSS0.00585EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 8:45 p.m.3 views

GHSA-XR65-5CPM-G36X Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

Impact A vulnerability in Fleet for Rancher Manager affects multi-tenancy environments where different tenants share the same downstream clusters e.g., different privileged or untrusted teams inside the same organization. On unpatched versions, tenants could bypass restrictions to access any conf...

9.9CVSS5.8AI score0.00585EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/01 8:45 p.m.8 views

Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

Impact A vulnerability in Fleet for Rancher Manager affects multi-tenancy environments where different tenants share the same downstream clusters e.g., different privileged or untrusted teams inside the same organization. On unpatched versions, tenants could bypass restrictions to access any conf...

9.9CVSS5.8AI score0.00585EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/30 6:17 p.m.4 views

GHSA-CVW6-GFVV-953Q Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook

Summary The Fission Function admission webhook pkg/webhook/function.go validated that spec.secrets.namespace and spec.configmaps.namespace equalled the function's own namespace but performed no equivalent check on spec.environment.namespace. Details An attacker with permission to create Functions...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References6
OSV
OSV
added 2026/06/30 6:16 p.m.3 views

GHSA-3R8V-2XMJ-5C39 Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook

Summary A Fission Function spec carries three reference types — Secret, ConfigMap, and Package. The first two were namespace-validated by the admission webhook; PackageRef.Namespace was not. Details A tenant with functions.fission.io/create in their own namespace could set...

7.7CVSS5.8AI score0.00265EPSS
Exploits0References6
Rows per page
Query Builder