Lucene search
K

7 matches found

RedHat Linux
RedHat Linux
added 2026/06/17 3:22 p.m.18 views

Important: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.19.0-1 Update

Custom Metrics Autoscaler Operator for Red Hat OpenShift updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...

10CVSS7.1AI score0.01945EPSS
Exploits4References13
GithubExploit
GithubExploit
added 2026/03/20 2:17 p.m.356 views

Exploit for CVE-2026-4342

CVE-2026-4342 Test Environment Configuration These files set...

8.8CVSS5.8AI score0.01494EPSS
Exploits1
Snyk
Snyk
added 2025/03/24 11:43 p.m.4 views

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the Validating Admission Controller feature. An attacker with access to the pod network can execute code, which allows them to access stored secrets. By default, the controller can access al...

9.8CVSS7.4AI score0.99098EPSS
Exploits20References2
OSV
OSV
added 2022/05/16 6:13 p.m.20 views

GHSA-VVMQ-FWMG-2GJC Improper kubeconfig validation allows arbitrary code execution

Flux2 can reconcile the state of a remote cluster when provided with a kubeconfig with the correct access rights. Kubeconfig files can define commands to be executed to generate on-demand authentication tokens. A malicious user with write access to a Flux source or direct access to the target...

9.9CVSS10AI score0.01044EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/16 6:13 p.m.48 views

Improper kubeconfig validation allows arbitrary code execution

Flux2 can reconcile the state of a remote cluster when provided with a kubeconfig with the correct access rights. Kubeconfig files can define commands to be executed to generate on-demand authentication tokens. A malicious user with write access to a Flux source or direct access to the target...

9.9CVSS1.7AI score0.01044EPSS
Exploits0References3Affected Software3
NVD
NVD
added 2022/05/06 12:15 a.m.29 views

CVE-2022-24817

Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...

9.9CVSS0.01044EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/07/27 10:36 p.m.3 views

kubernetes: Validating Admission Webhook does not observe some previous fields

A vulnerability was found in Kubernetes' kube-apiserver that could allow Node updates to bypass a Validating Admission Webhook. An authenticated user could exploit this by modifying Node properties to values that should have been prevented by registered admission webhooks...

6.5CVSS6.9AI score0.05524EPSS
Exploits1References5
Rows per page
Query Builder