37 matches found
CVE-2026-11769
A flaw was found in the Grafana Operator. This vulnerability allows a malicious user, who can create Dashboard or LibraryPanel resources for a Grafana instance, to exploit a path traversal issue within the jsonnet data templating language. This exploitation can lead to privilege escalation and...
GO-2026-5355 Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName in github.com/grafana/grafana-operator
Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName in github.com/grafana/grafana-operator...
Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName
We have released version 5.24.0 of the Grafana Operator. This patch includes a MODERATE severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...
GHSA-FCW4-WWQM-M8CF Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName
We have released version 5.24.0 of the Grafana Operator. This patch includes a MODERATE severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...
CVE-2026-11769
We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...
Credential Exposure
Overview Affected versions of this package are vulnerable to Credential Exposure in jsonnetfetcher.go that may expose the Kubernetes service account token of the Grafana Operator manager to users with sufficient privileges to create Dashboard or LibraryPanel resources. This token can be used to...
CVE-2026-11769 Operator - Namespaced User Path Traversal
We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...
GHSA-XVQR-69V8-F3GV vulnerabilities
Vulnerabilities for packages: slsa-verifier, restic, jaeger, azure-workload-identity-webhook, gogatekeeper, lazygit, capslock, karpenter, mockgen, go-md2man, timescaledb-parallel-copy, container-object-storage-interface, vault-benchmark, amass, gcp-compute-persistent-disk-csi-driver, kubeflow,...
CVE-2025-61731 vulnerabilities
Vulnerabilities for packages: slsa-verifier, restic, jaeger, azure-workload-identity-webhook, gogatekeeper, lazygit, capslock, karpenter, mockgen, go-md2man, timescaledb-parallel-copy, container-object-storage-interface, vault-benchmark, amass, gcp-compute-persistent-disk-csi-driver, kubeflow,...
CVE-2025-68119 vulnerabilities
Vulnerabilities for packages: slsa-verifier, restic, jaeger, azure-workload-identity-webhook, gogatekeeper, lazygit, capslock, karpenter, mockgen, go-md2man, timescaledb-parallel-copy, container-object-storage-interface, vault-benchmark, amass, gcp-compute-persistent-disk-csi-driver, kubeflow,...
GHSA-CM6P-QC7V-M3JW vulnerabilities
Vulnerabilities for packages: slsa-verifier, restic, jaeger, azure-workload-identity-webhook, gogatekeeper, lazygit, capslock, karpenter, mockgen, go-md2man, timescaledb-parallel-copy, container-object-storage-interface, vault-benchmark, amass, gcp-compute-persistent-disk-csi-driver, kubeflow,...
EUVD-2022-2791
Malicious code in bioql PyPI...
Malicious code in setup-jsonnet (npm)
The package setup-jsonnet was found to contain malicious code...
MAL-2025-33027 Malicious code in setup-jsonnet (npm)
The package setup-jsonnet was found to contain malicious code...
Fedora: Security Advisory for golang-github-jsonnet-bundler (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for golang-github-google-jsonnet (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-github-jsonnet-bundler-0.4.0-9.fc36
A jsonnet package manager...
[SECURITY] Fedora 36 Update: golang-github-google-jsonnet-0.17.0-6.fc36
This is an implementation of Jsonnet in pure Go. It is feature complete but is not as heavily exercised as the Jsonnet C++ implementation. Please try it out and give feedback...
Fedora: Security Advisory for golang-github-jsonnet-bundler (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: golang-github-jsonnet-bundler-0.4.0-8.fc35
A jsonnet package manager...