53 matches found
EUVD-2026-17995
A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...
CVE-2026-23189
CVE-2026-23189 concerns a NULL pointer dereference in ceph_mds_auth_match() within the CephFS kernel client. The patch reworks ceph_mdsmap_decode() and namespace_equals() so that ceph_mdsmap contains an extracted FS name (m_fs_name) and the code path uses this value for strict authorization check...
SUSE CVE-2025-14986
When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...
CVE-2025-14986
When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...
Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts
When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...
EUVD-2025-205854
When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...
GHSA-P2GR-HM8G-Q772 Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts
When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...
CVE-2025-14986
When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...
CVE-2025-14986
When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...
PT-2025-54224
Name of the Vulnerable Software and Affected Versions Temporal versions 1.24.0 through 1.29.1 Description When the frontend.enableExecuteMultiOperation setting is enabled, the server incorrectly applies namespace-scoped validation and feature gates. Specifically, it uses the Namespace field from ...
Temporal 安全漏洞
Temporal is a persistent execution platform open-sourced by temporal.io. A security vulnerability exists in Temporal versions 1.24.0 through 1.29.1, which stems from improper namespace validation and could lead to bypassing restrictions or policies...
CVE-2025-62159
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...
CVE-2025-62159
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to the resolvers.SecretKeyRef process not being used for namespace validation. An attacker can gain unauthorized access to secrets across namespaces by exploiting the lack of proper namespace checks during secr...
CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...
CVE-2025-62159
CVE-2025-62159 affects External Secrets Operator’s BeyondTrust provider (versions 0.10.1–0.19.2). The legacy code retrieved Kubernetes secrets directly without validating namespace context or secret store type, enabling cross‑namespace secret access and security boundary violations. In version 0....
CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...
CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...
EUVD-2020-20317
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-3550
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a...