Lucene search
K

153 matches found

OSV
OSV
added 2026/06/30 6:12 p.m.10 views

GHSA-7M8X-QG2J-4M3V Fission: MessageQueueTrigger scaler manager materializes Secret values into Deployment envvars and accepts arbitrary user PodSpec

Summary The Fission MessageQueueTrigger MQT scaler controller exposed two privilege-escalation primitives to any subject able to create MQTs in a namespace. Details 1. Secret materialization. getEnvVarlist in pkg/mqtrigger/scalermanager.go read the Secret named in Spec.Secret using the controller...

8.1CVSS5.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54443

Name of the Vulnerable Software and Affected Versions Fulcio versions prior to 1.8.6 Description Three security issues were identified in the OIDC Discovery client. First, a blind Server-Side Request Forgery SSRF occurs because the HTTP client used to fetch OIDC discovery metadata from the...

8.7CVSS5.8AI score
Exploits0References5
NVD
NVD
added 2026/06/26 10:16 p.m.10 views

CVE-2026-55069

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...

8.7CVSS0.00158EPSS
Exploits1References1
OSV
OSV
added 2026/06/26 8:50 p.m.2 views

CVE-2026-55069 Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...

8.7CVSS6AI score0.00158EPSS
Exploits1References3
NVD
NVD
added 2026/06/23 2:17 p.m.12 views

CVE-2026-10609

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

6.8CVSS0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 1:26 p.m.9 views

EUVD-2026-38448

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

6.8CVSS5.8AI score0.00226EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 5:20 p.m.36 views

CVE-2026-46617

CVE-2026-46617 (Fission) affects Fission runtimes prior to v1.23.0. The runtime pod was created with ServiceAccountName: fission-fetcher, which had namespace-wide get permissions on secrets and configmaps. The automounted token was accessible inside user function containers at /var/run/secrets/ku...

8.7CVSS5.5AI score0.00276EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.23.0 contain security vulnerabilities. These vulnerabilities stem from the runtime Pod using the fission-fetcher ServiceAccount and automatically mounting tokens. User function code can rea...

8.7CVSS5.4AI score0.00276EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 6:30 p.m.2 views

GHSA-9P7W-W5Q6-MXJ3 Calico Inserts Sensitive Information into Log File

In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder Canal/Flannel-Calico deployments, the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...

6.5CVSS5.8AI score0.00504EPSS
Exploits0References9
NVD
NVD
added 2026/05/28 5:16 p.m.21 views

CVE-2026-41184

In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder Canal/Flannel-Calico deployments, the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...

6.5CVSS0.00504EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/28 3:47 p.m.9 views

CVE-2026-41185 ServiceAccount token disclosure via Azure IPAM CNI plugin logs

When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...

6CVSS5.8AI score0.00323EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 3:47 p.m.2 views

CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs

In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder Canal/Flannel-Calico deployments, the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...

6CVSS6AI score0.00504EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/28 3:47 p.m.9 views

CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs

In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder Canal/Flannel-Calico deployments, the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...

6CVSS5.8AI score0.00504EPSS
Exploits0References4
CVE
CVE
added 2026/05/28 3:47 p.m.30 views

CVE-2026-41184

In Calico, the install-cni init container logs the rendered CNI configuration and, when the template uses the SERVICEACCOUNT_TOKEN placeholder (Canal/Flannel-Calico deployments), substitutes the live Kubernetes ServiceAccount bearer token for logging. This exposes the token to any authenticated u...

6.5CVSS5.8AI score0.00504EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/28 3:47 p.m.33 views

CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs

In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder Canal/Flannel-Calico deployments, the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...

6CVSS0.00504EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 3:47 p.m.4 views

CVE-2026-41185 ServiceAccount token disclosure via Azure IPAM CNI plugin logs

When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...

6CVSS6AI score0.00323EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44409

Name of the Vulnerable Software and Affected Versions Calico affected versions not specified Description The install-cni init container logs the rendered CNI configuration to standard output. In Canal or Flannel-Calico deployments where the configuration template uses the SERVICEACCOUNT TOKEN...

6.5CVSS5.4AI score0.00504EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2026/05/21 8:16 p.m.32 views

Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read

Summary Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted namespace-wide get on secrets and configmaps it needs that to load function code, env vars, and config. The runtime pod's automounted token was reachable from...

8.7CVSS5.8AI score0.00276EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2026/05/16 5:31 a.m.17 views

Improper Authorization

Fleet is vulnerable to Improper Authorization. The vulnerability is due to incomplete application of ServiceAccount impersonation in certain Helm deployer code paths, which allows an attacker with git push access to read secrets from arbitrary namespaces on downstream clusters...

9.9CVSS6AI score0.00379EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/14 8:21 a.m.21 views

CVE-2026-41050

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo...

9.9CVSS5.9AI score0.00379EPSS
Exploits0References1
Rows per page
Query Builder