Code Injection

Gardener Extensions is vulnerable to Code Injection. The vulnerability is due to improper handling of user-controlled input in Terraformer-based infrastructure provisioning across AWS, Azure, OpenStack, and GCP providers, which allows an attacker with administrative privileges in a Gardener proje...

SUSE CVE-2025-59823

Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...

EUVD-2025-31113

Malicious code in bioql PyPI...

EUVD-2025-28080

Malicious code in bioql PyPI...

CVE-2025-59823

Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...

Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning

Impact A security vulnerability was discovered in Gardener when Terraformer is used for infrastructure provisioning. This vulnerability could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster where the shoot cluster is managed. This CVE...

GHSA-227X-7MH8-3CF6 Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning

Impact A security vulnerability was discovered in Gardener when Terraformer is used for infrastructure provisioning. This vulnerability could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster where the shoot cluster is managed. This CVE...

CVE-2025-59823

Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...

CVE-2025-59823 Gardener providers vulnerable to code injection when Terraformer is used for infrastructure provisioning

Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...

CVE-2025-59823 Gardener providers vulnerable to code injection when Terraformer is used for infrastructure provisioning

Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...

PT-2025-39386

Name of the Vulnerable Software and Affected Versions Project Gardener versions prior to 1.64.0 AWS providers Project Gardener versions prior to 1.55.0 Azure providers Project Gardener versions prior to 1.49.0 OpenStack providers Project Gardener versions prior to 1.46.0 GCP providers Description...

SUSE CVE-2025-47282

Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user...

SUSE CVE-2025-47284

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the gardenlet component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a...

CVE-2025-47283

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain...

CVE-2025-47282

Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user...

Privilege Escalation

github.com/gardener/gardener is vulnerable to a Privilege Escalation. The vulnerability is due to insufficient access control and trust boundary enforcement in the gardenlet component, which allowed project administrators to interact with or influence seed cluster resources beyond their intended...

Privilege Escalation

github.com/gardener/external-dns-management is vulnerable to a privilege escalation. The vulnerability is due to insufficient isolation and access control between shoot clusters and the seed cluster in the external-dns-management component, which allows an attacker with admin access to a shoot...

Privilege Chaining

Overview Affected versions of this package are vulnerable to Privilege Chaining via the project secret validation process. An attacker can escalate privileges and potentially gain control over seed clusters by bypassing the intended security restrictions. Remediation Upgrade...

CVE-2025-47283 Bypassing project secret validation can lead to privilege escalation

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain...

CVE-2025-47282

CVE-2025-47282 affects Gardener External DNS Management (< 0.23.6) and, when enabled, the shoot-dns-service extension (= 0.23.6; for the extension, upgrade the shoot-dns-service extension beyond v1.60.0. If exploitation details are provided in the connected documents they are not included here...