39 matches found
CVE-2026-44543
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...
CVE-2026-44543
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...
CVE-2026-44543 Local Path Provisioner: HelperPod Template Injection
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...
CVE-2026-44543
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...
EUVD-2026-32954
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...
CVE-2026-44543 Local Path Provisioner: HelperPod Template Injection
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...
CVE-2026-44543
Local Path Provisioner (rancher/local-path-provisioner) is affected. Before version 0.0.36, a user with edit rights on the local-path-config ConfigMap can inject a malicious helperPod.yaml into the template used to create HelperPods during PVC provisioning/cleanup. The attacker-controlled templat...
Local Path Provisioner 安全漏洞
Local Path Provisioner is a Kubernetes local storage dynamic provisioning tool developed by Rancher. Versions of Local Path Provisioner prior to 0.0.36 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of the helperPod.yaml template. Malicious users...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment during the processing of the helperPod.yaml template. An attacker can gain unauthorized access to sensitive host files, read ServiceAccount tokens from other pods, access other tenants' volume data, or...
Local Path Provisioner Vulnerable to HelperPod Template Injection
Impact A malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-path-provisioner. The helperPod.yaml template is loaded by the provisioner and used to create HelperPods during PVC...
GHSA-7FXV-8WR2-MFC4 Local Path Provisioner Vulnerable to HelperPod Template Injection
Impact A malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-path-provisioner. The helperPod.yaml template is loaded by the provisioner and used to create HelperPods during PVC...
PT-2026-39897
Name of the Vulnerable Software and Affected Versions local-path-provisioner versions prior to 0.0.36 Description A malicious user with permissions to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template. This template is used to crea...
CVE-2026-33814 vulnerabilities
Vulnerabilities for packages: zot, secrets-store-csi-driver-provider-aws, flux-image-automation-controller, witness, govulncheck, mattermost, kaf, istio, tigera-operator, kubernetes-csi-external-health-monitor, trust-manager, custom-pod-autoscaler-operator, newrelic-infra-operator, metrics-server...
CVE-2026-33814 vulnerabilities
Vulnerabilities for packages: kserve-localmodelnode-agent, crossplane-provider-azure-notificationhubs, knative-net-istio-fips, kapp, datadog-agent, influxd, restic-fips, caddy, crossplane-provider-azure-managedidentity, fulcio, gatus-fips, kube-bench, custom-pod-autoscaler-fips,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, aws-load-balancer-controller, flux-image-automation-controller, flux-notification-controller, malcontent, grafana-rollout-operator, stakater-reloader, mountpoint-s3-csi-driver, tailscale, actions-runner-controller,...
CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories...
CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories...
CVE-2025-62878
The CVE-2025-62878 exposure is a path traversal flaw in the Local Path Provisioner (rancher.io/local-path) via the parameters.pathPattern in StorageClass. A malicious user can craft pathPattern (using relative segments like ../) to cause PersistentVolumes to target arbitrary host paths, e.g., ove...
Exploit for CVE-2025-62878
CVE-2025-62878: Local Path Provisioner Path Traversal Over...
GO-2026-4425 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern in github.com/rancher/local-path-provisioner
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern in github.com/rancher/local-path-provisioner...