35 matches found
GHSA-7C64-F9JR-V9H2 vulnerabilities
Vulnerabilities for packages: image-factory-fips, spicedb-operator, knative-serving, rancher-system-upgrade-controller, crossplane-provider-kubernetes-fips, gitlab-cng, quic-go-fips, src-fingerprint, envoy-gateway-fips, pdfcpu, vertical-pod-autoscaler-fips, gobump, rancher-telemetry, nri-couchbas...
EUVD-2025-12223
Malicious code in bioql PyPI...
Token Leakage
github.com/minio/operator is vulnerable to Token Leakage. The vulnerability is due to improper audience scoping of the defaulting of spec.audiences to the Kubernetes apiserver without proper restrictions, allowing tokens to be replayed to other internal systems...
CVE-2025-32963
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...
SUSE CVE-2025-32963
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...
CVE-2025-32963
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...
GO-2025-3637 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS in github.com/minio/operator
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS in github.com/minio/operator. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
CVE-2025-32963
MinIO Operator STS (Kubernetes IAM) flaw: before v7.1.0, the spec.audiences default could be the Kubernetes API server, allowing replay to internal systems. Root cause: unscoped audiences enable trust beyond intended scope. Impact: tokens could be replayed to other components; mitigated only by p...
CVE-2025-32963 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...
CVE-2025-32963 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...
CVE-2025-32963 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...
MinIO Operator 安全漏洞
MinIO Operator is a simple Kubernetes operator for MinIO clusters from MinIO. A security vulnerability exists in MinIO Operator versions prior to 7.1.0, which stems from the failure to provide an audiences field, which could result in tokens being replayed...
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
Prevent token leakage / privilege escalation MinIO Operator STS: A Quick Overview MinIO Operator STS is a native IAM Authentication for Kubernetes. MinIO Operator offers support for Secure Tokens a.k.a. STS which are a form of temporary access credentials for your MinIO Tenant. In essence, this...
GHSA-7M6V-Q233-Q9J9 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
Prevent token leakage / privilege escalation MinIO Operator STS: A Quick Overview MinIO Operator STS is a native IAM Authentication for Kubernetes. MinIO Operator offers support for Secure Tokens a.k.a. STS which are a form of temporary access credentials for your MinIO Tenant. In essence, this...
PT-2025-17524 · Minio · Minio Operator
Name of the Vulnerable Software and Affected Versions: MinIO Operator versions prior to 7.1.0 Description: The issue concerns the MinIO Operator STS, a native IAM Authentication for Kubernetes. Without proper scoping, authentication can be replayed to other internal systems that may unintentional...