Lucene search
+L

31 matches found

Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.7 views

PT-2026-33227

Name of the Vulnerable Software and Affected Versions Kyverno versions prior to 1.16.4 Description The apiCall servicecall helper implicitly injects an 'Authorization: Bearer ...' header using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization heade...

8.1CVSS5.9AI score0.00289EPSS
Exploits1References9
OSV
OSV
added 2026/03/18 8:20 p.m.4 views

GHSA-J5Q5-J9GM-2W5C Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod

Summary The Tekton Pipelines git resolver is vulnerable to path traversal via the pathInRepo parameter. A tenant with permission to create ResolutionRequests e.g. by creating TaskRuns or PipelineRuns that use the git resolver can read arbitrary files from the resolver pod's filesystem, including...

9.6CVSS5.9AI score0.00573EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-9524

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00336EPSS
Exploits0References5
OSV
OSV
added 2025/04/02 3:31 p.m.7 views

GHSA-28GR-56HR-PRP6 Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview...

4.3CVSS5.8AI score0.00336EPSS
Exploits0References8
NVD
NVD
added 2025/04/02 11:15 a.m.17 views

CVE-2025-2786

A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview...

4.3CVSS0.00336EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/04/02 11:7 a.m.6 views

CVE-2025-2786 Tempo-operator: serviceaccount token exposure leading to token and subject access reviews in openshift tempo operator

A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview...

4.3CVSS7AI score0.00336EPSS
Exploits0References5
CVE
CVE
added 2025/04/02 11:7 a.m.128 views

CVE-2025-2786

CVE-2025-2786 affects Grafana Tempo Operator. A flaw during TempoStack/TempoMonolithic deployment creates a ServiceAccount, ClusterRole, and ClusterRoleBinding, enabling a user with full access to their namespace to extract the ServiceAccount token and use TokenReview and SubjectAccessReview requ...

4.3CVSS7AI score0.00336EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/04/02 12:0 a.m.8 views

PT-2025-14478

Name of the Vulnerable Software and Affected Versions Tempo Operator affected versions not specified Description A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allow...

4.3CVSS5.8AI score0.00336EPSS
Exploits0References15
OSV
OSV
added 2025/01/30 3:39 p.m.16 views

CVE-2025-24784 kubewarden-controller has an Information leak via AdmissionPolicyGroup Resource

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it’s considere...

4.3CVSS6.6AI score0.00282EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/08/20 9:16 p.m.27 views

CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate...

8.8CVSS0.0052EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/10/29 4:5 a.m.34 views

CVE-2021-25742 Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster...

7.6CVSS7.6AI score0.01784EPSS
Exploits1References3
Rows per page
Query Builder