4208 matches found
GHSA-CVQ5-HHX3-F99P Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)
Summary CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the configMap.namespace field accepts any namespace with zero validation, allowing a namespace...
EUVD-2026-23126
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...
CVE-2026-6388
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...
CVE-2026-6388
The CVE describes a vulnerability in ArgoCD Image Updater where a user with rights to create/modify an ImageUpdater in a multi-tenant environment can bypass namespace boundaries due to insufficient validation. This leads to cross-namespace privilege escalation and unauthorized image updates on ap...
CVE-2026-6388 Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...
CVE-2026-6388
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...
CVE-2026-6388 Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...
CVE-2026-6388
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...
GHSA-497X-RRR9-68JP Grafana Loki Path Traversal - CVE-2021-36156 Bypass
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
EUVD-2026-23100
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the namespace parameter in the Ruler API endpoint after double URL encoding. An attacker can access arbitrary files by sending specially crafted requests. Details A Directory Traversal attack also known as path...
CVE-2026-21726
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
Insufficient Granularity of Access Control
Overview Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in namespace validation for the ImageUpdater resources. An attacker can perform unauthorized image updates on applications in other namespaces by creating or modifying ImageUpdater resources,...
Insufficient Granularity of Access Control
Overview Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in namespace validation for the ImageUpdater resources. An attacker can perform unauthorized image updates on applications in other namespaces by creating or modifying ImageUpdater resources,...
CVE-2026-21726 Loki Path Traversal - CVE-2021-36156 Bypass
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
CVE-2026-21726
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
CVE-2026-21726 Loki Path Traversal - CVE-2021-36156 Bypass
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
CVE-2026-21726
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
PT-2026-33180
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...
MCP Server Kubernetes 安全漏洞
MCP Server Kubernetes is a Kubernetes management server developed by Suyog Sonwalkar. Versions of MCP Server Kubernetes prior to 3.4.0 have security vulnerabilities. These vulnerabilities stem from parameter injection issues in the port-forward tool, which may lead to exposure of internal...