27 matches found
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization due to the serviceAccountRegex matcher in pilot/pkg/security/authz/model/generator.go. An attacker can gain access to workloads protected by AuthorizationPolicy rules by presenting a SPIFFE identity whose namespa...
CVE-2026-34986 vulnerabilities
Vulnerabilities for packages: omni-fips, boring-registry, bento-fips, azcopy, harbor-fips, grype-db, gitlab-workhorse-ce, tkn-fips, fulcio, velero, gitlab-runner, chainloop-control-plane, cert-manager, gotrue, envconsul-fips, gitlab-kas, scorecard, sftpgo, traefik-fips, oauth2-proxy,...
GHSA-78H2-9FRX-2JM8 vulnerabilities
Vulnerabilities for packages: omni-fips, boring-registry, bento-fips, azcopy, harbor-fips, grype-db, gitlab-workhorse-ce, tkn-fips, fulcio, velero, gitlab-runner, chainloop-control-plane, cert-manager, gotrue, envconsul-fips, gitlab-kas, scorecard, sftpgo, traefik-fips, oauth2-proxy,...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: azure-ipam, grafana-pyroscope, migrate, snyk-cli, kaf, secrets-store-csi-driver-provider-azure, prometheus-blackbox-exporter, terraform-provider-google, q, whereabouts, nri-cassandra, kube-rbac-proxy, azurefile-csi, smokescreen, nri-jmx, spark-operator, tempo,...
GHSA-J3GX-2473-5FP8 vulnerabilities
Vulnerabilities for packages: azure-ipam, grafana-pyroscope, migrate, snyk-cli, kaf, secrets-store-csi-driver-provider-azure, prometheus-blackbox-exporter, terraform-provider-google, q, whereabouts, nri-cassandra, kube-rbac-proxy, azurefile-csi, smokescreen, nri-jmx, spark-operator, tempo,...
CVE-2026-27142 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-rds, prometheus-pushgateway, grafana-pyroscope, yunikorn-k8shim, dkron, flux-helm-controller, docker-cli, migrate, snyk-cli, step-issuer, gatekeeper, kaf, tofu-controller, x509-certificate-exporter, ingress-nginx-controller,...
GHSA-RV83-G57W-FR8J vulnerabilities
Vulnerabilities for packages: azure-ipam, grafana-pyroscope, migrate, snyk-cli, kaf, secrets-store-csi-driver-provider-azure, prometheus-blackbox-exporter, terraform-provider-google, q, whereabouts, kube-rbac-proxy, azurefile-csi, smokescreen, nri-jmx, spark-operator, tempo,...
GHSA-J4J7-VW47-RHFQ vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-rds, prometheus-pushgateway, grafana-pyroscope, yunikorn-k8shim, dkron, flux-helm-controller, docker-cli, migrate, snyk-cli, step-issuer, gatekeeper, kaf, tofu-controller, x509-certificate-exporter, ingress-nginx-controller,...
CVE-2026-27139 vulnerabilities
Vulnerabilities for packages: azure-ipam, grafana-pyroscope, migrate, snyk-cli, kaf, secrets-store-csi-driver-provider-azure, prometheus-blackbox-exporter, terraform-provider-google, q, whereabouts, kube-rbac-proxy, azurefile-csi, smokescreen, nri-jmx, spark-operator, tempo,...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: cluster-api-ipam-provider-in-cluster, minc-fips, pgwatch, jobset-fips, kube-logging-operator, kubernetes-ingress-defaultbackend-fips, apache-exporter, nri-mongodb, cluster-api-provider-vsphere, yunikorn-k8shim, json-exporter-fips, prometheus-stackdriver-exporter,...
GHSA-J4J7-VW47-RHFQ vulnerabilities
Vulnerabilities for packages: pgwatch, jobset-fips, apache-exporter, cluster-api-provider-vsphere, yunikorn-k8shim, json-exporter-fips, prometheus-stackdriver-exporter, docker-compose-fips, boring-registry, gitlab-operator, kubernetes-csi-external-resizer-fips, thanos-receive-controller,...
CVE-2025-61729 vulnerabilities
Vulnerabilities for packages: age-fips, kube-logging-operator, kubernetes-ingress-defaultbackend-fips, amazon-k8s-cni-fips, apache-exporter, nri-mongodb, jaeger-operator, boring-registry, kubernetes-csi-external-resizer-fips, cloudnative-pg-fips, dynamic-localpv-provisioner-fips, harbor-fips,...
Missing Release of Resource after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via resource exhaustion caused by improper cleanup of long-lived resources. Several components fail to correctly close or release gRPC connections, SPIFFE sources, and streaming...
Missing Release of Resource after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via resource exhaustion caused by improper cleanup of long-lived resources. Several components fail to correctly close or release gRPC connections, SPIFFE sources, and streaming...
Missing Release of Resource after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via resource exhaustion caused by improper cleanup of long-lived resources. Several components fail to correctly close or release gRPC connections, SPIFFE sources, and streaming...
Zero Trust Security Model Implementation in Microservices Architectures Using Identity Federation
The microservice bombshells that have been linked with the microservice expansion have altered the application architectures, offered agility and scalability in terms of complexity in security trade-offs. Feeble legacy-based perimeter-based policies are unable to offer safeguard to distributed...
EUVD-2021-1097
Malware in sbrugna...
EUVD-2021-13869
Malware in sbrugna...
CVE-2021-27098
In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to...
CVE-2021-27099
In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "awsiid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of ...