Lucene search
K

4 matches found

OSV
OSV
added 2026/06/10 1:37 p.m.8 views

GHSA-G759-4PXW-6692 @hulumi/policies bypasses IAM-role policy checks when the role trusts multiple OIDC providers

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-697 Incorrect Comparison Summary AWS IAM trust policies can list more than one federated identity provider — for example, a role that accepts BOTH GitHub Actions OIDC and Google's OIDC. The GOIDC1 and GOIDC2 policy rules ar...

8.3CVSS5.5AI score0.0004EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/16 7:14 p.m.3 views

CVE-2026-23634

Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

5.4AI score0.00227EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/01/16 7:14 p.m.6 views

EUVD-2026-3113

Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

6.2AI score0.00227EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/12/19 3:31 p.m.15 views

OpenShift Must Gather Operator Improper Input Validation vulnerability

A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource CRD of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard...

8.8CVSS6.8AI score0.00754EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder