5 matches found
Duplicate Advisory: Kyverno is vulnerable to server-side request forgery (SSRF)
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rggm-jjmc-3394. This link is maintained to preserve external references. Original Description Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions...
CVE-2026-4789
CVE-2026-4789 : Kyverno versions >=1.16.0 are vulnerable to SSRF via the CEL HTTP library used in CEL-based policies. The issue stems from the http.Get/http.Post functions in pkg/cel/libs/http/http.go not enforcing URL restrictions, enabling an attacker with namespace-scoped policy creation pe...
PT-2026-29129
Name of the Vulnerable Software and Affected Versions Kyverno versions 1.16.0 and later Description Kyverno is susceptible to Server-Side Request Forgery SSRF because of unrestricted Common Expression Language CEL HTTP functions. Recommendations Update to a newer version that contains a fix for...
CVE-2024-38769
Missing Authorization vulnerability in Tyche Softwares Arconix Shortcodes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix Shortcodes: from n/a through 2.1.11...
CVE-2022-45891
Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthenticated uploads Upload2.ashx or access content uploaded by other users View.aspx after Ajax.asmx/SaveGrantAccessList...