Lucene search
K

965 matches found

OSV
OSV
added 2026/05/28 7:16 p.m.3 views

PYSEC-2026-600

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

8.8CVSS5.9AI score0.00329EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/28 12:0 a.m.30 views

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

6CVSS0.00329EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 12:0 a.m.7 views

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

6CVSS6AI score0.00329EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.13 views

PT-2026-44464

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions 14.0.0 through 29.0.1 Description The RBAC policy enforcer in the enforce call function unconditionally merges the raw JSON request body into the policy enforcement dictionary using policy dict.updatejson input.copy...

8.8CVSS5.4AI score0.00329EPSS
Exploits1References16
Vulnrichment
Vulnrichment
added 2026/05/19 9:39 p.m.11 views

CVE-2026-34358 CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

8.1CVSS5.9AI score0.00297EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 4:34 p.m.23 views

shopper/framework: Authorization bypass in multiple Livewire admin components

Impact Multiple Livewire components in the admin panel allowed an authenticated low-privilege user to mutate data without the required permission: - Order detail Filament actions cancel, mark paid, mark complete, capture payment, archive, start processing were callable with readorders only and di...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.10 views

CVE-2026-42541

Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions which isn't the default can craft a policy that makes use of the cani host callback. The callback issues a SubjectAccessReview SAR requests to enumerate...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/14 11:50 a.m.20 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-6194: Backport to odf-4.17.24 ocs-operator should not use image gcr.io/kubebuilder/kube-rbac-proxy...

9.8CVSS5.8AI score0.01735EPSS
Exploits3References6
RedHat Linux
RedHat Linux
added 2026/05/14 11:46 a.m.21 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.18.20 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.18.20 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.18.20 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-6235: 4.18 ROSA HCPUI blocker Broken Storage System wizard DFBUGS-6185: ocs-operator should not use image...

9.8CVSS5.8AI score0.01735EPSS
Exploits3References6
NVD
NVD
added 2026/05/12 6:17 p.m.16 views

CVE-2026-42541

Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions which isn't the default can craft a policy that makes use of the cani host callback. The callback issues a SubjectAccessReview SAR requests to enumerate...

4.3CVSS0.00171EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 5:57 p.m.12 views

CVE-2026-42541

CVE-2026-42541 (Kubewarden RBAC Reconnaissance) : Affected Kubewarden versions allow an attacker with privileged AdmissionPolicy/AdmissionPolicyGroup create permissions to abuse the can_i host callback, which forwards a SubjectAccessReview (SAR) to the policy-server with elevated privileges. This...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40269

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

2.3CVSS5.7AI score0.00377EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/09 3:44 a.m.7 views

CVE-2026-42183

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

2.3CVSS5.7AI score0.00377EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/09 3:44 a.m.6 views

CVE-2026-42183 Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

2.3CVSS5.7AI score0.00377EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/07 3:16 a.m.57 views

CVE-2026-41201 CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated vi...

9.1CVSS0.00331EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/05 9:49 p.m.7 views

Kubewarden vulnerable to RBAC Reconnaissance via unchecked can_i host capability call

Impact Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden promises is that configured users can deploy namespaced policies in a safe manne...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/05/05 9:49 p.m.7 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the cani callback, which issues SubjectAccessReview requests without enforcing context-aware allow-lists. An attacker can obtain information about RBAC permissions of any user or service account across the...

5.3CVSS5.8AI score0.00171EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 9:49 p.m.8 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the cani callback, which issues SubjectAccessReview requests without enforcing context-aware allow-lists. An attacker can obtain information about RBAC permissions of any user or service account across the...

5.3CVSS5.8AI score0.00171EPSS
Exploits0References2
OSV
OSV
added 2026/05/04 8:1 p.m.5 views

GHSA-P4GQ-3VXJ-F4JQ Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

Summary A nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSODELEGATERBACTONAMESPACE=true. Details When getServiceAccountclaims, ssoNamespace...

2.3CVSS5.9AI score0.00377EPSS
Exploits1References5
Snyk
Snyk
added 2026/05/04 8:1 p.m.7 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the rbacAuthorization process in gatekeeper.go when SSO RBAC delegation is enabled and a user's claims match a namespace-level RBAC rule but not an SSO-namespace rule. An attacker can cause the server to pani...

6.5CVSS5.8AI score0.00377EPSS
Exploits1References2
Rows per page
Query Builder