5 matches found
SUSE CVE-2025-48710
kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...
CVE-2025-48710
kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...
kro Confused Deputy vulnerability
kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...
CVE-2025-48710
kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...
CVE-2025-48710
CVE-2025-48710 affects kro (Kube Resource Orchestrator) versions 0.1.0 up to, but not including, 0.2.1. The issue stems from users who can create or modify ResourceGraphDefinition resources being able to supply arbitrary container images, enabling a confused-deputy scenario where kro controllers ...