105 matches found
CVE-2024-45041 External Secrets Operator vulnerable to privilege escalation
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has "get/list" verbs of secrets resources. It...
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: opentelemetry-collector-contrib, ksops, wal-g, kubescape, up, velero, restic, trino, boring-registry, chezmoi, argo-workflows, harbor-registry, guac, fulcio, airflow, nuclei, falcoctl, policy-controller, pulumi, prometheus-operator,...
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: dex, gomplate, kubescape, apko, kubernetes-dashboard, argo-workflows, guac, grpc-health-probe, gitsign, frp, fulcio, falcoctl, falco, nerdctl, policy-controller, temporal-ui-server, spire-server, tekton-chains, vexctl, skaffold, aactl, timestamp-authority, sops,...
GHSA-HJ3V-M684-V259 vulnerabilities
Vulnerabilities for packages: falcoctl-fips, boring-registry-fips, mc-fips, minio, mc, external-secrets-fips, minio-fips, spire-server, spire-server-fips, falcoctl, falco, boring-registry...
CVE-2024-21664 vulnerabilities
Vulnerabilities for packages: spire-server, minio, kubescape, tekton-chains, mc, vexctl, boring-registry, gitsign, falcoctl, falco...