10 matches found
CVE-2025-48710
kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...
GHSA-7633-X85H-5MQH kro Confused Deputy vulnerability
kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...
kro Confused Deputy vulnerability
kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...
CVE-2025-48710
kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...
CVE-2025-48710
kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...
CVE-2025-48710
kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...
CVE-2025-48710
CVE-2025-48710 affects kro (Kube Resource Orchestrator) with affected version 0.1.0 up to before 0.2.1. The issue stems from users who can create or modify ResourceGraphDefinition resources being able to supply arbitrary container images, enabling a confused-deputy scenario where kro controllers ...
CVE-2025-48710
kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...
kro(Kube Resource Orchestrator) 安全漏洞
kro Kube Resource Orchestrator is an open source resource orchestrator from kro-run. A security vulnerability exists in kro Kube Resource Orchestrator versions prior to 0.2.1, which stems from allowing a user to provide an arbitrary container image, potentially leading to unauthenticated remote...
PT-2025-23762 · Kro · Kro
Name of the Vulnerable Software and Affected Versions: kro Kube Resource Orchestrator versions 0.1.0 through 0.2.1 Description: The issue allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy...