Cluster Control CMON API - Directory Traversal

Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API. id: CVE-2024-41628 info: name: Cluster Control CMON API...

CVE-2024-41628

Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API...

EUVD-2020-26510

Malware in sbrugna...

Red Hat OpenShift AI 安全漏洞

Red Hat OpenShift AI is an AI-oriented lifecycle management platform from Red Hat USA. A security vulnerability exists in Red Hat OpenShift AI that stems from a low-privilege attacker being able to elevate privileges through an authenticated account, potentially leading to complete control of the...

CVE-2025-59823 Gardener providers vulnerable to code injection when Terraformer is used for infrastructure provisioning

Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...

Linux Distros Unpatched Vulnerability : CVE-2022-2735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemon...

SUSE CVE-2025-47284

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the gardenlet component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a...

CVE-2023-33190

Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control RBAC permissions resulted in an attacker being able to obtain cluster control permissions, which could contr...

CVE-2022-45933

KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side projec...

CVE-2025-47283

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain...

Privilege Chaining

Overview Affected versions of this package are vulnerable to Privilege Chaining via the project secret validation process. An attacker can escalate privileges and potentially gain control over seed clusters by bypassing the intended security restrictions. Remediation Upgrade...

SUSE CVE-2024-9779

A flaw was found in Open Cluster Management OCM when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole also named...

GHSA-JHH6-6FHP-Q2XP Open Cluster Management vulnerable to Trust Boundary Violation

A flaw was found in Open Cluster Management OCM when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole also named...

CVE-2024-41628

Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API...

CVE-2024-41628

Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API...

Severalnines Cluster Control 安全漏洞

Severalnines Cluster Control is agentless management and automation software for database clusters from Severalnines. Severalnines Cluster Control versions 1.9.8 prior to 1.9.8-9778, 2.0.0 prior to 2.0.0-9779, and 2.1.0 prior to 2.1.0-9780 have a security vulnerability that originates from the...

CVE-2024-41628

This CVE (CVE-2024-41628) affects Severalnines Cluster Control CMON API. The vulnerability is a Directory Traversal that allows an unauthenticated remote attacker to include and display arbitrary server files via HTTP requests to CMON API endpoints. Affected versions are Cluster Control 1.9.8 bef...

PT-2024-29470 · Severalnines · Severalnines Clustercontrol

Name of the Vulnerable Software and Affected Versions: Severalnines Cluster Control versions 1.9.8 through 1.9.8-9777 Severalnines Cluster Control versions 2.0.0 through 2.0.0-9778 Severalnines Cluster Control versions 2.1.0 through 2.1.0-9779 Description: A Directory Traversal issue allows a...

CVE-2024-41628

Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API...

PT-2024-3523

Name of the Vulnerable Software and Affected Versions: Microsoft Azure Kubernetes Service Confidential Container affected versions not specified Description: The issue is related to a lack of access control in the deployment and management of confidential containers in Azure Kubernetes Service,...