9 matches found
Code Injection
Gardener Extensions is vulnerable to Code Injection. The vulnerability is due to improper handling of user-controlled input in Terraformer-based infrastructure provisioning across AWS, Azure, OpenStack, and GCP providers, which allows an attacker with administrative privileges in a Gardener proje...
SUSE CVE-2025-59823
Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...
EUVD-2025-31113
Malicious code in bioql PyPI...
CVE-2025-59823
Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...
Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning
Impact A security vulnerability was discovered in Gardener when Terraformer is used for infrastructure provisioning. This vulnerability could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster where the shoot cluster is managed. This CVE...
GHSA-227X-7MH8-3CF6 Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning
Impact A security vulnerability was discovered in Gardener when Terraformer is used for infrastructure provisioning. This vulnerability could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster where the shoot cluster is managed. This CVE...
CVE-2025-59823 Gardener providers vulnerable to code injection when Terraformer is used for infrastructure provisioning
Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...
CVE-2025-59823 Gardener providers vulnerable to code injection when Terraformer is used for infrastructure provisioning
Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...
PT-2025-39386
Name of the Vulnerable Software and Affected Versions Project Gardener versions prior to 1.64.0 AWS providers Project Gardener versions prior to 1.55.0 Azure providers Project Gardener versions prior to 1.49.0 OpenStack providers Project Gardener versions prior to 1.46.0 GCP providers Description...