23 matches found

RedhatCVE
added yesterday | 3 views

CVE-2026-11769

A flaw was found in the Grafana Operator. This vulnerability allows a malicious user, who can create Dashboard or LibraryPanel resources for a Grafana instance, to exploit a path traversal issue within the jsonnet data templating language. This exploitation can lead to privilege escalation and...

CVSS 8.8 | AI score 5.7 | EPSS 0.00361
Exploits: 0 | References: 4

OSV
added 2026/06/25 6:43 p.m. | 4 views

GO-2026-5355 Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName in github.com/grafana/grafana-operator

Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName in github.com/grafana/grafana-operator...

CVSS 8.8 | AI score 5.8 | EPSS 0.00361
Exploits: 0 | References: 3

OSV
added 2026/06/19 8:51 p.m. | 5 views

GHSA-FCW4-WWQM-M8CF Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName

We have released version 5.24.0 of the Grafana Operator. This patch includes a MODERATE severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...

CVSS 6.4 | AI score 5.9 | EPSS 0.00361
Exploits: 0 | References: 4

EUVD
added 2026/06/19 8:51 p.m. | 10 views

EUVD-2026-36641

Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName...

CVSS 6.4 | AI score 5.8 | EPSS 0.00361
Exploits: 0 | References: 3

Github Security Blog
added 2026/06/19 8:51 p.m. | 8 views

Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName

We have released version 5.24.0 of the Grafana Operator. This patch includes a MODERATE severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...

CVSS 8.8 | AI score 5.9 | EPSS 0.00361
Exploits: 0 | References: 4 | Affected Software: 2

Github Security Blog
added 2026/06/13 6:30 a.m. | 5 views

Duplicate Advisory: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fcw4-wwqm-m8cf. This link is maintained to preserve external references. Original Description We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a...

CVSS 8.8 | AI score 5.8 | EPSS 0.00361
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2026/06/13 6:16 a.m. | 16 views

CVE-2026-11769

We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...

CVSS 8.8 | EPSS 0.00361
Exploits: 0 | References: 1

Snyk
added 2026/06/13 6:7 a.m. | 4 views

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in jsonnetfetcher.go that may expose the Kubernetes service account token of the Grafana Operator manager to users with sufficient privileges to create Dashboard or LibraryPanel resources. This token can be used to...

CVSS 8.8 | AI score 5.8 | EPSS 0.00361
Exploits: 0 | References: 2

Snyk
added 2026/06/13 6:7 a.m. | 3 views

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in jsonnetfetcher.go that may expose the Kubernetes service account token of the Grafana Operator manager to users with sufficient privileges to create Dashboard or LibraryPanel resources. This token can be used to...

CVSS 8.8 | AI score 5.8 | EPSS 0.00361
Exploits: 0 | References: 2

CVE
added 2026/06/13 4:17 a.m. | 45 views

CVE-2026-11769

Grafana Operator

CVSS 8.8 | AI score 5.5 | EPSS 0.00361
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/06/13 4:17 a.m. | 25 views

CVE-2026-11769 Operator - Namespaced User Path Traversal

We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...

CVSS 6.4 | EPSS 0.00361
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/13 4:17 a.m. | 7 views

CVE-2026-11769 Operator - Namespaced User Path Traversal

We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...

CVSS 6.4 | AI score 5.5 | EPSS 0.00361
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/13 12:0 a.m. | 12 views

PT-2026-49078

Name of the Vulnerable Software and Affected Versions Grafana Operator versions prior to 5.24.0 Description A path traversal and privilege escalation issue exists when loading dashboards and library panels using the jsonnet data templating language. Because the jsonnet expression is evaluated...

CVSS 6.4 | AI score 5.3 | EPSS 0.00361
Exploits: 0 | References: 10

Chainguard
added 2026/04/11 2:18 a.m. | 7 views

CVE-2026-33810 vulnerabilities

Vulnerabilities for packages: actions-runner-controller-fips, ingress-nginx-controller, listmonk, dataplaneapi-fips, rabbitmq-messaging-topology-operator-fips, karpenter, nodetaint-fips, osv-scanner, nodetaint, spire-server, flux-image-reflector-controller-fips, flux-source-watcher-fips,...

CVSS 8.8 | AI score 7.1 | EPSS 0.0034
Exploits: 0

Chainguard
added 2026/04/11 2:18 a.m. | 6 views

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: actions-runner-controller-fips, ingress-nginx-controller, listmonk, dataplaneapi-fips, rabbitmq-messaging-topology-operator-fips, karpenter, nodetaint-fips, osv-scanner, nodetaint, spire-server, flux-image-reflector-controller-fips, flux-source-watcher-fips,...

AI score 5.9
Exploits: 0

Chainguard
added 2026/04/11 2:18 a.m. | 8 views

GHSA-X4JJ-H2V8-HQQV vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller, helm-exporter-fips, docker-cli, rke2-runtime-fips, crane, cloudbeat, crossplane, gosu, atlantis, flux-source-watcher, xeol, cerbos, image-factory, rclone, oras-fips, tekton-pipelines, flux-source-controller, docker-compose-fips, harbor,...

AI score 5.9
Exploits: 0

Chainguard
added 2026/04/11 2:18 a.m. | 10 views

CVE-2026-32288 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller, helm-exporter-fips, docker-cli, rke2-runtime-fips, crane, cloudbeat, crossplane, gosu, atlantis, flux-source-watcher, xeol, cerbos, image-factory, rclone, oras-fips, tekton-pipelines, flux-source-controller, docker-compose-fips, harbor,...

CVSS 5.5 | AI score 6.1 | EPSS 0.0029
Exploits: 0

Chainguard
added 2026/04/11 2:18 a.m. | 6 views

CVE-2026-32280 vulnerabilities

Vulnerabilities for packages: kcp-fips, kafka-proxy, mockery, prometheus-adapter, crossplane-provider-aws-eks-fips, ingress-nginx-controller, yunikorn-web-fips, vexctl, knative-kafka-broker, helm-exporter-fips, cert-manager-csi-driver-fips, aws-node-termination-handler, dataplaneapi-fips,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00615
Exploits: 0

Chainguard
added 2026/04/11 2:18 a.m. | 7 views

GHSA-5W89-2C2X-6X66 vulnerabilities

Vulnerabilities for packages: kafka-proxy, prometheus-adapter, ingress-nginx-controller, vexctl, aws-node-termination-handler, cert-manager-fips, velero-plugin-for-csi-fips, terraform-provider-kubernetes-fips, kratos, wazero, azure-container-networking, nri-redis-fips, verticadb-operator,...

AI score 5.9
Exploits: 0

Chainguard
added 2026/04/11 2:18 a.m. | 11 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: kcp-fips, kafka-proxy, mockery, prometheus-adapter, crossplane-provider-aws-eks-fips, ingress-nginx-controller, yunikorn-web-fips, vexctl, knative-kafka-broker, helm-exporter-fips, cert-manager-csi-driver-fips, aws-node-termination-handler, dataplaneapi-fips,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00621
Exploits: 0