Lucene search
K

155 matches found

RedhatCVE
RedhatCVE
added 2026/07/02 7:10 p.m.6 views

CVE-2026-11769

A flaw was found in the Grafana Operator. This vulnerability allows a malicious user, who can create Dashboard or LibraryPanel resources for a Grafana instance, to exploit a path traversal issue within the jsonnet data templating language. This exploitation can lead to privilege escalation and...

8.8CVSS5.7AI score0.00361EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 6:20 p.m.5 views

GHSA-8WCJ-MFRC-JX5Q Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container

Summary Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the kubelet auto-mounted the service-account token into every container in the pod — including the user-supplied builder image. Details The user controls the builder...

4.9CVSS5.8AI score0.00255EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/30 6:20 p.m.13 views

EUVD-2026-36101

Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container...

4.9CVSS5.8AI score0.00255EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 7:16 a.m.14 views

CVE-2026-8617

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...

5.3CVSS0.00228EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/13 6:7 a.m.3 views

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in jsonnetfetcher.go‎ that may expose the Kubernetes service account token of the Grafana Operator manager to users with sufficient privileges to create Dashboard or LibraryPanel resources. This token can be used to...

8.8CVSS5.8AI score0.00361EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/13 6:7 a.m.4 views

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in jsonnetfetcher.go‎ that may expose the Kubernetes service account token of the Grafana Operator manager to users with sufficient privileges to create Dashboard or LibraryPanel resources. This token can be used to...

8.8CVSS5.8AI score0.00361EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/13 4:17 a.m.33 views

CVE-2026-11769 Operator - Namespaced User Path Traversal

We have released version 5.24.0 of the Grafana Operator. This patch includes a MEDIUM severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templating...

6.4CVSS0.00361EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 5:28 p.m.8 views

CVE-2026-50565 Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the...

4.9CVSS5.4AI score0.00255EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 5:28 p.m.24 views

CVE-2026-50565

CVE-2026-50565 affects Fission (Kubernetes-native serverless framework). Before v1.24.0, builder pods were created with ServiceAccountName: fission-builder and AutomountServiceAccountToken was not disabled, causing the kubelet to auto-mount the service-account token into every container in the po...

4.9CVSS5.4AI score0.00255EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/10 5:24 p.m.18 views

OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth

Affected Repository: github.com/open-telemetry/opentelemetry-operator Component: cmd/otel-allocator TargetAllocator Companion: Prometheus Operator API types CRDs Summary OpenTelemetry Operator's TargetAllocator watches ServiceMonitor resources via the Prometheus Operator CR watcher and converts...

5.6AI score0.00017EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities arise from the use of ServiceAccountName: fission-builder in the builder pod, without setting AutomountServiceAccountToken: fals...

4.9CVSS5.3AI score0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48510

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is an open-source, Kubernetes-native serverless framework used for deploying functions and applications on Kubernetes. In affected versions, builder pods are created with the...

4.9CVSS5.8AI score0.00255EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.19 views

PT-2026-48539

Name of the Vulnerable Software and Affected Versions opentelemetry-operator affected versions not specified Description The TargetAllocator in the OpenTelemetry Operator processes ServiceMonitor resources and converts endpoints into Prometheus scrape configurations. A tenant with permissions to...

7.7CVSS6AI score0.00017EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41185

When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...

6.5CVSS5.5AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.12 views

CVE-2026-41323

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

9.1CVSS5.4AI score0.0056EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.13 views

PT-2026-46096

Summary The environment variables KERNEL XXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI. By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can...

10CVSS6.4AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:47 p.m.6 views

CVE-2026-41184

In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder Canal/Flannel-Calico deployments, the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...

6CVSS5.8AI score0.00504EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 3:47 p.m.34 views

CVE-2026-41185 ServiceAccount token disclosure via Azure IPAM CNI plugin logs

When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...

6CVSS0.00323EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/28 3:47 p.m.12 views

EUVD-2026-32933

When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...

6CVSS5.8AI score0.00323EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/28 3:47 p.m.12 views

EUVD-2026-32931

In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder Canal/Flannel-Calico deployments, the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...

6CVSS5.8AI score0.00504EPSS
Exploits0References4
Rows per page
Query Builder