607 matches found
CVE-2025-2843
A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with ClusterRole upon deployment of the Namespace-Scoped Custom Resource MonitorStack. This issue allows an adversarial Kubernetes Account with only namespaced-level roles, for example, a tenant controlling a...
CVE-2025-2843 Observability-operator: observability operator privilege escalation
A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with ClusterRole upon deployment of the Namespace-Scoped Custom Resource MonitorStack. This issue allows an adversarial Kubernetes Account with only namespaced-level roles, for example, a tenant controlling a...
CVE-2025-2843
The CVE-2025-2843 issue affects the Observability Operator. It creates a ServiceAccount with ClusterRole permissions when deploying the Namespace-Scoped MonitorStack CR, enabling a namespaced Kubernetes user to create a MonitorStack in their namespace and then escalate to cluster-level privileges...
Important: Red Hat Security Advisory: Cluster Observability Operator 1.3.0
The Cluster Observability Operator (COO) is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions (CRDs). The 1.3 release of COO...
CVE-2025-37734
Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...
CVE-2025-37734 Kibana Origin Validation Error
Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...
Kibana 8.19.7, 9.1.7, and 9.2.1 Security Update (ESA-2025-24)
Kibana Origin Validation Error (ESA-2025-24). Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant. Affected Versions: 8.12.0 up to and including 8.19.6; 9.1.0 up to and including 9.1.6; 9.2.0. Affected...
PT-2025-46587
Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: An origin validation error in Kibana may allow for Server-Side Request Forgery (SSRF) through a manipulated Origin HTTP header. This manipulation occurs during processing by the Observability AI...
PT-2025-46674
Name of the Vulnerable Software and Affected Versions: Observability Operator (affected versions not specified). Description: The Observability Operator creates a ServiceAccount with ClusterRole permissions when deploying a Namespace-Scoped Custom Resource called MonitorStack. This allows a Kubernetes...
CVE-2025-26392
SolarWinds Observability Self-Hosted is susceptible to a SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account...
CVE-2025-26392 SolarWinds Observability Self-Hosted SQL Injection Vulnerability
SolarWinds Observability Self-Hosted is susceptible to a SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account...
EUVD-2025-35157
SolarWinds Observability Self-Hosted is susceptible to a SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account...
CVE-2025-26392
SolarWinds Observability Self-Hosted is affected by CVE-2025-26392: an SQL injection vulnerability that can disclose sensitive data when authenticated from a low-privilege account. The issue affects the product as described in multiple sources (NVD, Red Hat/CIRCL/CVE lists and related advisories)...
SolarWinds Observability Self-Hosted SQL Injection Vulnerability
SolarWinds Observability Self-Hosted is an observation platform from SolarWinds USA. SolarWinds Observability Self-Hosted suffers from a SQL injection vulnerability that stems from susceptibility to SQL injection attacks, which could lead to sensitive data disclosure...
Moderate: Red Hat Security Advisory: Kiali 2.11.4 for Red Hat OpenShift Service Mesh 3.1
Kiali 2.11.4 for Red Hat OpenShift Service Mesh 3.1. This update has a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Kiali 2.11.4, for Red...