17 matches found
SUSE CVE-2026-40109
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
EUVD-2026-21150
Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering...
Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Impact The gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any valid Google-issued token, to authenticate against the Receiver webhook endpoint, triggering unauthorized Flux reconciliations...
GHSA-H9CX-XJG6-5V2W Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Impact The gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any valid Google-issued token, to authenticate against the Receiver webhook endpoint, triggering unauthorized Flux reconciliations...
CVE-2026-40109
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
CVE-2026-40109 Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
CVE-2026-40109 Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
CVE-2026-40109
CVE-2026-40109 affects Flux notification-controller (GitOps Toolkit) prior to version 1.8.3. The vulnerability lies in the gcr Receiver type not validating the email claim of Google OIDC tokens used for Pub/Sub push authentication, allowing any valid Google-issued token to authenticate against th...
GHSA-9H8M-3FM2-QJRQ vulnerabilities
Vulnerabilities for packages: kubescape-operator, longhorn-manager-fips, sops-fips, k6-fips, cloud-provider-aws, harbor, trivy-fips, flyte, azure-workload-identity-webhook, cloudprober, bank-vaults-fips, livekit-server-fips, k6-operator-fips, temporal, fluent-operator, bank-vaults,...
GHSA-7WRW-R4P8-38RX vulnerabilities
Vulnerabilities for packages: govulncheck, sbom-scorecard, kube-fluentd-operator, coredns, wazero, kubernetes-dashboard-metrics-scraper, neuvector-scanner, kube-vip, cert-manager-cmctl, cloud-provider-aws, wire-go, node-problem-detector, sqlexporter, scorecard, mage, neuvector-dbgen, petname,...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: cadvisor, kube-oidc-proxy, newrelic-infrastructure-agent, prometheus-beat-exporter-fips, prometheus-stackdriver-exporter, trust-manager, external-secrets-fips, kube-state-metrics-fips, kots, prometheus-elasticsearch-exporter-fips, bank-vaults-fips, grpc-health-probe,...
GHSA-3F2Q-6294-FMQ5 vulnerabilities
Vulnerabilities for packages: snyk-cli, task, melange, argo-workflows, pulumi-kubernetes-operator, argo-events-fips, flux-notification-controller, argo-events...
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: snyk-cli, melange, argo-events, task, argo-workflows, pulumi-kubernetes-operator, flux-notification-controller...
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: snyk-cli, task, melange, argo-workflows, pulumi-kubernetes-operator, argo-events-fips, flux-notification-controller, argo-events...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: up, kubevela, kubeflow, prometheus-blackbox-exporter, kubescape, ipfs, spark-operator, falco, dgraph, buildkitd, k3d, cortex, slsa-verifier, src, scorecard, terraform-provider-sendgrid, aactl...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: timestamp-authority-fips, aws-efs-csi-driver-fips, kubernetes-csi-livenessprobe, terraform-provider-sendgrid, slsa-verifier, vault-csi-provider, conftest-fips, cluster-autoscaler-fips, scorecard, falco, buildkitd, smarter-device-manager-fips, prometheus-adapter-fips,...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: prometheus-blackbox-exporter, spark-operator, gobuster, haproxy-ingress, oauth2-proxy, minio, coredns, envoy-ratelimit, gitness, nginx-stable, gomplate, stakater-reloader, flux-notification-controller, fuse-overlayfs-snapshotter, kots, node-problem-detector, rqlite,...