Lucene search
K

39 matches found

Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.3 views

PT-2026-6528

Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern in github.com/rancher/local-path-provisioner...

5.4AI score
Exploits0References3
OSV
OSV
added 2026/02/04 8:17 p.m.9 views

GHSA-JR3W-9VFR-C746 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

Impact A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. Example: apiVersion: storage.k8s.io/v1 kind: StorageClass metadata:...

9.9CVSS5.7AI score0.00581EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/02/04 8:17 p.m.17 views

Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

Impact A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. Example: apiVersion: storage.k8s.io/v1 kind: StorageClass metadata:...

9.9CVSS5.7AI score0.00581EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.3 views

PT-2026-6443

Impact A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. Example: apiVersion: storage.k8s.io/v1 kind: StorageClass metadata:...

9.9CVSS5.7AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.3 views

PT-2026-6543

Name of the Vulnerable Software and Affected Versions rancher.io/local-path-provisioner versions prior to 0.0.34 Description A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or...

9.9CVSS5.6AI score0.00581EPSS
Exploits1References19
CBLMariner
CBLMariner
added 2025/12/29 5:22 p.m.3 views

CVE-2025-65637 affecting package local-path-provisioner for versions less than 0.0.21-20

CVE-2025-65637 affecting package local-path-provisioner for versions less than 0.0.21-20. A patched version of the package is available...

7.5CVSS6.9AI score0.00585EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/03/28 12:0 a.m.11 views

Azure Linux 3.0 Security Update: kubernetes / local-path-provisioner (CVE-2020-8565)

The version of kubernetes / local-path-provisioner installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-8565 advisory. - In Kubernetes, if the logging level is set to at least 9, authorization and bear...

5.5CVSS6AI score0.00512EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2025/03/27 9:13 p.m.10 views

CVE-2020-8565 affecting package local-path-provisioner for versions less than 0.0.24-5

CVE-2020-8565 affecting package local-path-provisioner for versions less than 0.0.24-5. A patched version of the package is available...

5.5CVSS6.2AI score0.00512EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/03/13 3:8 p.m.28 views

CVE-2023-44487 affecting package local-path-provisioner for versions less than 0.0.21-12

CVE-2023-44487 affecting package local-path-provisioner for versions less than 0.0.21-12. A patched version of the package is available...

7.5CVSS8.2AI score0.99999EPSS
Exploits19
CBLMariner
CBLMariner
added 2025/02/19 8:5 p.m.8 views

CVE-2023-39325 affecting package local-path-provisioner for versions less than 0.0.24-3

CVE-2023-39325 affecting package local-path-provisioner for versions less than 0.0.24-3. A patched version of the package is available...

7.5CVSS8.2AI score0.03796EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/02/19 8:5 p.m.6 views

CVE-2023-45288 affecting package local-path-provisioner for versions less than 0.0.24-3

CVE-2023-45288 affecting package local-path-provisioner for versions less than 0.0.24-3. A patched version of the package is available...

7.5CVSS8AI score0.91969EPSS
Exploits1
OSV
OSV
added 2024/04/04 9:15 p.m.11 views

AZL-38488 CVE-2023-45288 affecting package local-path-provisioner for versions less than 0.0.24-3

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References1
Chainguard
Chainguard
added 2024/03/05 11:15 p.m.77 views

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: doppler-kubernetes-operator, aactl, logstash-exporter-fips, prometheus-mongodb-exporter-fips, nats, bank-vaults-fips, temporal-ui-server-fips, kor, flux-kustomize-controller, stakater-reloader, aws-load-balancer-controller, caddy-fips, flux, cadvisor, eksctl, mc, buf...

7.5CVSS6.7AI score0.01262EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/02/02 8:37 p.m.22 views

CVE-2022-21698 affecting package local-path-provisioner for versions less than 0.0.21-14

CVE-2022-21698 affecting package local-path-provisioner for versions less than 0.0.21-14. A patched version of the package is available...

7.5CVSS10AI score0.05994EPSS
Exploits0
OSV
OSV
added 2023/10/11 10:15 p.m.8 views

AZL-34963 CVE-2023-39325 affecting package local-path-provisioner for versions less than 0.0.24-3

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
OSV
OSV
added 2023/10/10 2:15 p.m.8 views

AZL-34964 CVE-2023-44487 affecting package local-path-provisioner for versions less than 0.0.21-12

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References1
OSV
OSV
added 2023/10/10 2:15 p.m.10 views

AZL-31324 CVE-2023-44487 affecting package local-path-provisioner for versions less than 0.0.21-12

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS7AI score0.99999EPSS
Exploits19References1
OSV
OSV
added 2022/01/01 5:15 a.m.7 views

AZL-33612 CVE-2021-44716 affecting package local-path-provisioner for versions less than 0.0.21-16

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

7.5CVSS6.6AI score0.03958EPSS
Exploits0References1
OSV
OSV
added 2020/12/07 10:15 p.m.5 views

AZL-41878 CVE-2020-8565 affecting package local-path-provisioner for versions less than 0.0.24-5

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...

5.5CVSS6.3AI score0.00512EPSS
Exploits0References1
Rows per page
Query Builder