40 matches found
K000161495: Rancher Local Path Provisioner vulnerability CVE-2025-62878
Security Advisory Description A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. CVE-2025-62878 Impact There is no impact; F5 products...
CVE-2026-44543
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...
CVE-2026-44543
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...
CVE-2026-44543 Local Path Provisioner: HelperPod Template Injection
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...
CVE-2026-44543
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...
EUVD-2026-32954
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...
CVE-2026-44543 Local Path Provisioner: HelperPod Template Injection
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...
CVE-2026-44543
Local Path Provisioner (rancher/local-path-provisioner) is affected. Before version 0.0.36, a user with edit rights on the local-path-config ConfigMap can inject a malicious helperPod.yaml into the template used to create HelperPods during PVC provisioning/cleanup. The attacker-controlled templat...
Local Path Provisioner 安全漏洞
Local Path Provisioner is a Kubernetes local storage dynamic provisioning tool developed by Rancher. Versions of Local Path Provisioner prior to 0.0.36 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of the helperPod.yaml template. Malicious users...
GHSA-7FXV-8WR2-MFC4 Local Path Provisioner Vulnerable to HelperPod Template Injection
Impact A malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-path-provisioner. The helperPod.yaml template is loaded by the provisioner and used to create HelperPods during PVC...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment during the processing of the helperPod.yaml template. An attacker can gain unauthorized access to sensitive host files, read ServiceAccount tokens from other pods, access other tenants' volume data, or...
Local Path Provisioner Vulnerable to HelperPod Template Injection
Impact A malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-path-provisioner. The helperPod.yaml template is loaded by the provisioner and used to create HelperPods during PVC...
PT-2026-39897
Name of the Vulnerable Software and Affected Versions local-path-provisioner versions prior to 0.0.36 Description A malicious user with permissions to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template. This template is used to crea...
CVE-2026-33814 vulnerabilities
Vulnerabilities for packages: crossplane-provider-sql, kaf, wal-g, prometheus-alertmanager, k8sgpt-operator, cluster-api, crossplane-provider-aws-memorydb, kubernetes-replicator, azure-workload-identity-webhook, crossplane-provider-aws-cloudfront, gcsfuse, step, trillian, k6, nri-prometheus,...
CVE-2026-33814 vulnerabilities
Vulnerabilities for packages: azure-container-networking, crossplane-provider-aws-elbv2-fips, chartmuseum-fips, crossplane-provider-aws-ecr, kubernetes-secret-generator, metrics-agent-fips, crossplane-provider-aws-sqs-fips, skopeo, crossplane-provider-aws-backup, frankenphp-8.5,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: metacontroller, flux-notification-controller, oras, mountpoint-s3-csi-driver, supercronic, actions-runner-controller, hubble, dgraph, clickhouse-operator, flux-operator, malcontent, grafana-operator, osv-scanner, flux-helm-controller, local-path-provisioner,...
CVE-2025-62878
The CVE-2025-62878 exposure is a path traversal flaw in the Local Path Provisioner (rancher.io/local-path) via the parameters.pathPattern in StorageClass. A malicious user can craft pathPattern (using relative segments like ../) to cause PersistentVolumes to target arbitrary host paths, e.g., ove...
CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories...
CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories...
Exploit for CVE-2025-62878
CVE-2025-62878: Local Path Provisioner Path Traversal Over...