11 matches found
CVE-2026-44514
Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...
CVE-2026-44514
Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...
CVE-2026-44514
Kubetail vulnerability (CVE-2026-44514) is a CSWSH flaw where the dashboard exposed WebSocket endpoints before 0.14.0 did not properly validate the Origin header, allowing an attacker to read authenticated users’ Kubernetes logs via a malicious page. Affected components and versions: Kubetail Das...
CVE-2026-44514 Kubetail: Cross-Site WebSocket Hijacking allows attacker to read Kubernetes logs from authenticated users
Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...
EUVD-2026-30331
Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...
CVE-2026-44514 Kubetail: Cross-Site WebSocket Hijacking allows attacker to read Kubernetes logs from authenticated users
Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...
Kubetail 安全漏洞
Kubetail is an open-source Kubernetes real-time log monitoring dashboard developed by Kubetail. Versions of Kubetail prior to 0.14.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of the Origin header at WebSocket endpoints, which could lead to...
Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users
Summary Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to the user's dashboard and read their Kubernetes logs in real time. Thi...
Missing Origin Validation in WebSockets
Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via inadequate validation of the Origin header during WebSocket connection upgrades. An attacker can gain unauthorized access to sensitive log data by convincing an authenticated user to visit a...
Missing Origin Validation in WebSockets
Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via inadequate validation of the Origin header during WebSocket connection upgrades. An attacker can gain unauthorized access to sensitive log data by convincing an authenticated user to visit a...
PT-2026-38411
Name of the Vulnerable Software and Affected Versions Kubetail Dashboard versions prior to 0.14.0 Kubetail Helm Chart versions prior to 0.23.0 Kubetail CLI versions prior to 0.16.0 Description Kubetail's dashboard exposes WebSocket endpoints that do not adequately validate the Origin header durin...