Lucene search
K

102 matches found

NVD
NVD
added 2026/02/13 7:17 p.m.7 views

CVE-2026-26187

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...

8.1CVSS0.0039EPSS
Exploits0References3
OSV
OSV
added 2026/02/13 4:16 p.m.6 views

GHSA-699M-4V95-RMPM lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access

Summary Two path traversal vulnerabilities in the local block adapter allow authenticated users to read and write files outside their designated storage boundaries. Details The local block adapter in pkg/block/local/adapter.go had two path traversal vulnerabilities: 1. Prefix Bypass Vulnerability...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/27 6:1 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via apiCall. An attacker can gain unauthorized access to sensitive resources and escalate privileges via malicious urlPath values that cause the system to perform Kubernetes API requests outside the...

9.9CVSS5.9AI score0.00516EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/27 6:1 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via apiCall. An attacker can gain unauthorized access to sensitive resources and escalate privileges via malicious urlPath values that cause the system to perform Kubernetes API requests outside the...

9.9CVSS5.9AI score0.00516EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/27 4:7 p.m.4 views

CVE-2026-22039 Kyverno Cross-Namespace Privilege Escalation via Policy apiCall

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no...

9.9CVSS5.9AI score0.00516EPSS
Exploits1References3
OSV
OSV
added 2026/01/27 4:7 p.m.8 views

CVE-2026-22039 Kyverno Cross-Namespace Privilege Escalation via Policy apiCall

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no...

9.9CVSS5.9AI score0.00516EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.7 views

Kyverno code-related vulnerabilities

Kyverno is an open-source policy engine designed for Kubernetes by Kyverno developers. Versions of Kyverno prior to 1.16.3 and 1.15.3 contained code vulnerabilities. These vulnerabilities stemmed from an authorization bypass in the “Kyverno Policy apiCall” namespace, which could lead to...

9.9CVSS7.5AI score0.00516EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/01/22 3:52 p.m.9 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.4 security update

Important: Red Hat OpenShift GitOps v1.17.4 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8231 CVE-2025-47913 openshift-gitops-1/argocd-agent-rhel8: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS...

9.9CVSS7.1AI score0.04518EPSS
Exploits5References8
RedHat Linux
RedHat Linux
added 2026/01/22 3:47 p.m.10 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.3 security update

Important: Red Hat OpenShift GitOps v1.18.3 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8239 CVE-2025-47913 openshift-gitops-1/gitops-rhel8: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS gitops-1.1...

9.9CVSS7.1AI score0.04518EPSS
Exploits4References8
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.7 views

External Secrets Security Vulnerabilities

External Secrets is an open-source Kubernetes-related application developed by External Secrets. There were security vulnerabilities in versions 0.20.2 to 1.2.0 of External Secrets. These vulnerabilities stemmed from the getSecretKey template function, which allowed access to secrets across...

9.3CVSS5.8AI score0.00175EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/01/20 4:37 p.m.10 views

External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function

Summary The getSecretKey template function, while introduced for senhasegura Devops Secrets Management DSM provider, has the ability to fetch secrets cross-namespaces with the roleBinding of the external-secrets controller, bypassing our security mechanisms. This function was completely removed, ...

9.3CVSS5.5AI score0.00175EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/01/20 4:37 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the getSecretKey function. An attacker can gain unauthorized access to secrets across namespaces by exploiting the function's ability to bypass security mechanisms and retrieve secrets using elevated...

9.3CVSS5.7AI score0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/01/20 4:37 p.m.5 views

GHSA-77V3-R3JW-J2V2 External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function

Summary The getSecretKey template function, while introduced for senhasegura Devops Secrets Management DSM provider, has the ability to fetch secrets cross-namespaces with the roleBinding of the external-secrets controller, bypassing our security mechanisms. This function was completely removed, ...

9.3CVSS5.6AI score0.00175EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/12/15 3:40 p.m.4 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.16.5 security update

Important: Red Hat OpenShift GitOps v1.16.5 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8116 CVE-2024-45338 openshift-gitops-dex-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html gitops-1.17 GITOPS-80...

9.9CVSS7.2AI score0.86767EPSS
Exploits16References7
RedHat Linux
RedHat Linux
added 2025/12/15 3:34 p.m.11 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.2 security update

Important: Red Hat OpenShift GitOps v1.18.2 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-7608 Redis HA pods are taking longer than expected to come up GITOPS-7789 Version override in ArgoCD CR causes operator to use upstream images...

9.9CVSS7.1AI score0.86767EPSS
Exploits16References6
Snyk
Snyk
added 2025/11/04 3:43 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the getIssuerCertificate function. An attacker can gain unauthorized access to Secrets in other namespaces by bypassing RBAC restrictions. This is only exploitable if the attacker has permission to create...

8.7CVSS7AI score0.00197EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/10/28 1:31 p.m.3 views

CVE-2025-12103

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

5CVSS7.3AI score0.00234EPSS
Exploits0References5
Snyk
Snyk
added 2025/10/10 10:41 p.m.1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to the resolvers.SecretKeyRef process not being used for namespace validation. An attacker can gain unauthorized access to secrets across namespaces by exploiting the lack of proper namespace checks during secr...

8.7CVSS7AI score0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/10 10:23 p.m.8 views

CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

8.7CVSS0.00285EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.7 views

PT-2025-41614

Name of the Vulnerable Software and Affected Versions External Secrets Operator versions 0.10.1 through 0.19.2 Description The External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A flaw exists in the BeyondTrust provid...

8.7CVSS6.2AI score0.00285EPSS
Exploits0References6
Rows per page
Query Builder