
37 matches found

RedhatCVE
added yesterday, 3 views

CVE-2026-11769

A flaw was found in the Grafana Operator. This vulnerability allows a malicious user, who can create Dashboard or LibraryPanel resources for a Grafana instance, to exploit a path traversal issue within the jsonnet data templating language. This exploitation can lead to privilege escalation and...

8.8 CVSS | 5.7 AI score | 0.00361 EPSS
Exploits 0 | References 4

OSV
added 2026/06/25 6:43 p.m., 4 views

GO-2026-5355 Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName in github.com/grafana/grafana-operator

Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName in github.com/grafana/grafana-operator...

8.8 CVSS | 5.8 AI score | 0.00361 EPSS
Exploits 0 | References 3

Github Security Blog
added 2026/06/19 8:51 p.m., 8 views

Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName

We have released version 5.24.0 of the Grafana Operator. This patch includes a MODERATE severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...

8.8 CVSS | 5.9 AI score | 0.00361 EPSS
Exploits 0 | References 4 | Affected Software 2

OSV
added 2026/06/19 8:51 p.m., 5 views

GHSA-FCW4-WWQM-M8CF Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName

We have released version 5.24.0 of the Grafana Operator. This patch includes a MODERATE severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...

6.4 CVSS | 5.9 AI score | 0.00361 EPSS
Exploits 0 | References 4

NVD
added 2026/06/13 6:16 a.m., 16 views

CVE-2026-11769

We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...

8.8 CVSS | 0.00361 EPSS
Exploits 0 | References 1

Snyk
added 2026/06/13 6:7 a.m., 4 views

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in jsonnetfetcher.go that may expose the Kubernetes service account token of the Grafana Operator manager to users with sufficient privileges to create Dashboard or LibraryPanel resources. This token can be used to...

8.8 CVSS | 5.8 AI score | 0.00361 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/06/13 4:17 a.m., 7 views

CVE-2026-11769 Operator - Namespaced User Path Traversal

We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...

6.4 CVSS | 5.5 AI score | 0.00361 EPSS
Exploits 0 | References 1

Wolfi
added 2026/01/31 1:48 p.m., 5 views

GHSA-XVQR-69V8-F3GV vulnerabilities

Vulnerabilities for packages: slsa-verifier, restic, jaeger, azure-workload-identity-webhook, gogatekeeper, lazygit, capslock, karpenter, mockgen, go-md2man, timescaledb-parallel-copy, container-object-storage-interface, vault-benchmark, amass, gcp-compute-persistent-disk-csi-driver, kubeflow,...

5.9 AI score
Exploits 0

Wolfi
added 2026/01/31 1:48 p.m., 6 views

CVE-2025-61731 vulnerabilities

Vulnerabilities for packages: slsa-verifier, restic, jaeger, azure-workload-identity-webhook, gogatekeeper, lazygit, capslock, karpenter, mockgen, go-md2man, timescaledb-parallel-copy, container-object-storage-interface, vault-benchmark, amass, gcp-compute-persistent-disk-csi-driver, kubeflow,...

8.6 CVSS | 7.1 AI score | 0.00532 EPSS
Exploits 0

Wolfi
added 2026/01/31 1:48 p.m., 8 views

CVE-2025-68119 vulnerabilities

Vulnerabilities for packages: slsa-verifier, restic, jaeger, azure-workload-identity-webhook, gogatekeeper, lazygit, capslock, karpenter, mockgen, go-md2man, timescaledb-parallel-copy, container-object-storage-interface, vault-benchmark, amass, gcp-compute-persistent-disk-csi-driver, kubeflow,...

7 CVSS | 7 AI score | 0.00335 EPSS
Exploits 0

Wolfi
added 2026/01/31 1:48 p.m., 4 views

GHSA-CM6P-QC7V-M3JW vulnerabilities

Vulnerabilities for packages: slsa-verifier, restic, jaeger, azure-workload-identity-webhook, gogatekeeper, lazygit, capslock, karpenter, mockgen, go-md2man, timescaledb-parallel-copy, container-object-storage-interface, vault-benchmark, amass, gcp-compute-persistent-disk-csi-driver, kubeflow,...

5.9 AI score
Exploits 0

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-2791

Malicious code in bioql PyPI...

4.3 CVSS | 4.7 AI score | 0.01051 EPSS
Exploits 0 | References 13

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 5 views

Malicious code in setup-jsonnet (npm)

The package setup-jsonnet was found to contain malicious code...

7 AI score
Exploits 0

OSV
added 2025/08/14 6:52 p.m., 3 views

MAL-2025-33027 Malicious code in setup-jsonnet (npm)

The package setup-jsonnet was found to contain malicious code...

7.2 AI score
Exploits 0

OpenVAS
added 2022/07/31 12:0 a.m., 6 views

Fedora: Security Advisory for golang-github-jsonnet-bundler (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 | References 2

OpenVAS
added 2022/07/31 12:0 a.m., 8 views

Fedora: Security Advisory for golang-github-google-jsonnet (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 | References 2

Fedora
added 2022/07/30 1:57 a.m., 17 views

[SECURITY] Fedora 36 Update: golang-github-jsonnet-bundler-0.4.0-9.fc36

A jsonnet package manager...

7.3 AI score
Exploits 0

Fedora
added 2022/07/30 1:57 a.m., 13 views

[SECURITY] Fedora 36 Update: golang-github-google-jsonnet-0.17.0-6.fc36

This is an implementation of Jsonnet in pure Go. It is feature complete but is not as heavily exercised as the Jsonnet C++ implementation. Please try it out and give feedback...

7.3 AI score
Exploits 0

OpenVAS
added 2022/07/18 12:0 a.m., 15 views

Fedora: Security Advisory for golang-github-jsonnet-bundler (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS | 8.9 AI score | 0.05994 EPSS
Exploits 4 | References 2

Fedora
added 2022/07/17 1:15 a.m., 17 views

[SECURITY] Fedora 35 Update: golang-github-jsonnet-bundler-0.4.0-8.fc35

A jsonnet package manager...

9.3 CVSS | 8.2 AI score | 0.05994 EPSS
Exploits 4