4 matches found
CVE-2026-29954
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to...
CVE-2026-29954
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator are affected by an SSRF vulnerability via the chartURL field of ResourceComposition resources. The field is only URL-encoded, with no validation of the target address. More critically, kubeconfiggenerator concatenates the chartURL di...
KubePlus 安全漏洞
KubePlus is a Kubernetes multi-tenant application management platform developed by cloud-ark. KubePlus 4.1.4 contains security vulnerabilities, which stem from server-side request forgery and command injection during the processing of the chartURL field by the mutating webhook and...
CVE-2026-29954
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to...