Lucene search
K

9 matches found

BDU FSTEC
BDU FSTEC
added 2025/06/02 12:0 a.m.8 views

The vulnerability of the CRD AdmissionPolicyGroup component in the Kubernetes cluster “kubewarden-controller” allows a attacker to gain unauthorized access to modify data or disclose sensitive information.

The vulnerability of the CRD AdmissionPolicyGroup component in the Kubernetes cluster “kubewarden-controller” is related to improper authorization. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to modify data or expose sensitive information...

4.3CVSS7AI score0.00282EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 12:0 p.m.11 views

CVE-2025-24376

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided by the user when...

6.5CVSS6.7AI score0.00335EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/02/06 3:48 a.m.2 views

SUSE CVE-2025-24376

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided by the user when...

6.5CVSS6.8AI score0.00335EPSS
Exploits0References3
OSV
OSV
added 2025/01/30 5:52 p.m.10 views

GHSA-756X-M4MJ-Q96C Kubewarden-Controller information leak via AdmissionPolicyGroup Resource

Impact The policy group feature, added to by the 1.17.0 release, introduced two new types of CRD: ClusterAdmissionPolicyGroup and AdmissionPolicyGroup. The former is cluster wide, while the latter is namespaced. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluste...

4.3CVSS4.7AI score0.00282EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/01/30 5:52 p.m.32 views

Kubewarden-Controller information leak via AdmissionPolicyGroup Resource

Impact The policy group feature, added to by the 1.17.0 release, introduced two new types of CRD: ClusterAdmissionPolicyGroup and AdmissionPolicyGroup. The former is cluster wide, while the latter is namespaced. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluste...

4.3CVSS4.5AI score0.00282EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/30 3:51 p.m.19 views

CVE-2025-24376 The kubewarden-controller AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided by the user when...

6.5CVSS6.5AI score0.00335EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/30 3:51 p.m.35 views

CVE-2025-24376 The kubewarden-controller AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided by the user when...

6.5CVSS0.00335EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/30 3:39 p.m.26 views

CVE-2025-24784 kubewarden-controller has an Information leak via AdmissionPolicyGroup Resource

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it’s considere...

4.3CVSS0.00282EPSS
Exploits0References2
CVE
CVE
added 2025/01/30 3:39 p.m.98 views

CVE-2025-24784

CVE-2025-24784 affects kubewarden-controller (AdmissionPolicyGroup CRD) in Kubewarden. The issue enables an information leak where context aware policies can—via the ServiceAccount used to run the Policy Server—list/get resources in the cluster beyond the policy’s own scope, depending on the RBAC...

4.3CVSS4.4AI score0.00282EPSS
Exploits0References2
Rows per page
Query Builder