21 matches found
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: cilium, crossplane-provider-aws-dynamodb, buildah, tkn, crossplane-provider-aws-cloudwatchlogs, crossplane-provider-aws-route53, terragrunt, melange, prometheus, act, zarf, eksctl, gitlab-kas, steampipe, zot, pulumi-kubernetes-operator, pulumi, kyverno, osv-scanner,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: cilium, buildah, tkn, terragrunt, melange, prometheus, act, zarf, eksctl, gitlab-kas, steampipe, zot, pulumi-kubernetes-operator, pulumi, kyverno, osv-scanner, ksops, witness, gh, k9s, kaf, opentelemetry-collector, nuclei, kubernetes-dashboard, scorecard, dagger,...
GHSA-5WRP-CWCJ-Q835 vulnerabilities
Vulnerabilities for packages: cilium, datadog-agent, gitaly, buildah, knative-operator, prometheus, zarf, cluster-api-helm-controller, azurefile-csi, spicedb, dapr, gitlab-kas, steampipe, zot, linkerd2, kyverno, osv-scanner, flux-helm-controller, crossplane-provider-keycloak, ksops,...
CVE-2026-41178 vulnerabilities
Vulnerabilities for packages: cilium, datadog-agent, gitaly, buildah, knative-operator, prometheus, zarf, cluster-api-helm-controller, azurefile-csi, spicedb, dapr, gitlab-kas, steampipe, zot, linkerd2, kyverno, osv-scanner, flux-helm-controller, crossplane-provider-keycloak, ksops,...
SUSE CVE-2026-40109
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
EUVD-2026-21150
Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering...
Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Impact: The gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any valid Google-issued token to authenticate against the Receiver webhook endpoint, triggering unauthorized Flux reconciliations...
GHSA-H9CX-XJG6-5V2W Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Impact: The gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any valid Google-issued token to authenticate against the Receiver webhook endpoint, triggering unauthorized Flux reconciliations...
CVE-2026-40109
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
CVE-2026-40109 Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
CVE-2026-40109 Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
CVE-2026-40109
CVE-2026-40109 affects Flux notification-controller (GitOps Toolkit) prior to version 1.8.3. The vulnerability lies in the gcr Receiver type not validating the email claim of Google OIDC tokens used for Pub/Sub push authentication, allowing any valid Google-issued token to authenticate against th...
GHSA-9H8M-3FM2-QJRQ vulnerabilities
Vulnerabilities for packages: trivy-operator-fips, verticadb-operator-fips, task, k8sgpt, helm-operator-fips, eks-distro, grype, aws-otel-collector-fips, gitaly, tekton-chains-fips, ratify-fips, packer, docker-compose-fips, cloudprober-fips, temporal-server, prometheus-alertmanager,...
GHSA-7WRW-R4P8-38RX vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kube-state-metrics, gitsign, mockery, distribution, modelmesh-runtime-adapter, helm-docs, boring-registry, rancher-loglevel, memcached-exporter, k9s, docker-credential-ecr-login, certificate-transparency, crossplane-provider-aws...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: pgpool2exporter, k8sgpt, helm-operator-fips, newrelic-infrastructure-agent, hugo, nerdctl, grype, pgpool2exporter-fips, pulumi-language-yaml, kargo, mc-fips, vertical-pod-autoscaler, configmap-reload, temporal-server, local-path-provisioner, prometheus-alertmanager,...
GHSA-3F2Q-6294-FMQ5 vulnerabilities
Vulnerabilities for packages: snyk-cli, task, argo-events, pulumi-kubernetes-operator, flux-notification-controller, argo-events-fips, argo-workflows, melange...
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: task, argo-events, argo-workflows, melange, pulumi-kubernetes-operator, snyk-cli, flux-notification-controller...
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: snyk-cli, task, argo-events, pulumi-kubernetes-operator, flux-notification-controller, argo-events-fips, argo-workflows, melange...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: buildkitd, k3d, aactl, kubescape, kubevela, scorecard, kubeflow, terraform-provider-sendgrid, up, slsa-verifier, spark-operator, cortex, falco, dgraph, prometheus-blackbox-exporter, src...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: src, spark-operator, k3d, prometheus-blackbox-exporter, smarter-device-manager-fips, falcoctl-fips, prometheus-stackdriver-exporter, bank-vaults-fips, up, buildkitd, kubernetes-csi-livenessprobe-fips, kubeflow, aws-efs-csi-driver-fips, kubeflow-fips, kubevela,...