Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/06/06 6:21 a.m.6 views

CVE-2025-48710

kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...

4.1CVSS8AI score0.00323EPSS
Exploits0References1
OSV
OSV
added 2025/06/04 6:30 a.m.3 views

GHSA-7633-X85H-5MQH kro Confused Deputy vulnerability

kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...

4.1CVSS8.2AI score0.00323EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/06/04 6:30 a.m.12 views

kro Confused Deputy vulnerability

kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...

4.1CVSS7.9AI score0.00323EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/06/04 6:15 a.m.11 views

CVE-2025-48710

kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...

4.1CVSS0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/04 5:50 a.m.17 views

CVE-2025-48710

kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...

4.1CVSS0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/04 5:50 a.m.4 views

CVE-2025-48710

kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...

4.1CVSS8.2AI score0.00323EPSS
Exploits0References2
CVE
CVE
added 2025/06/04 5:50 a.m.54 views

CVE-2025-48710

CVE-2025-48710 affects kro (Kube Resource Orchestrator) with affected version 0.1.0 up to before 0.2.1. The issue stems from users who can create or modify ResourceGraphDefinition resources being able to supply arbitrary container images, enabling a confused-deputy scenario where kro controllers ...

4.1CVSS8.1AI score0.00323EPSS
Exploits0References2
OSV
OSV
added 2025/06/04 5:50 a.m.4 views

CVE-2025-48710

kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...

4.1CVSS8.2AI score0.00323EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/06/04 12:0 a.m.7 views

kro(Kube Resource Orchestrator) 安全漏洞

kro Kube Resource Orchestrator is an open source resource orchestrator from kro-run. A security vulnerability exists in kro Kube Resource Orchestrator versions prior to 0.2.1, which stems from allowing a user to provide an arbitrary container image, potentially leading to unauthenticated remote...

4.1CVSS7.8AI score0.00323EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/04 12:0 a.m.2 views

PT-2025-23762 · Kro · Kro

Name of the Vulnerable Software and Affected Versions: kro Kube Resource Orchestrator versions 0.1.0 through 0.2.1 Description: The issue allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy...

4.1CVSS7.3AI score0.00323EPSS
Exploits0References11
Rows per page
Query Builder