21 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-1331

Malicious code in bioql PyPI...

7.7 CVSS · 5.2 AI score · 0.00167 EPSS
Exploits 0 · References 11

Vulnrichment
added 2025/04/02 11:9 a.m. · 4 views

CVE-2025-2842 Tempo-operator: tempo operator token exposition lead to read sensitive data

A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be...

4.3 CVSS · 6.9 AI score · 0.00264 EPSS
Exploits 0 · References 5

RedhatCVE
added 2025/04/02 11:7 a.m. · 14 views

CVE-2025-2842

A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be...

4.3 CVSS · 6.9 AI score · 0.00264 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/04/02 12:0 a.m. · 2 views

PT-2025-14479 · Unknown · Tempo Operator

Name of the Vulnerable Software and Affected Versions: Tempo Operator affected versions not specified Description: A flaw was found in the Tempo Operator related to the Jaeger UI Monitor Tab functionality. When this functionality is enabled, the Operator creates a ClusterRoleBinding for the Servi...

4.3 CVSS · 4.2 AI score · 0.00264 EPSS
Exploits 0 · References 9

SUSE CVE
added 2025/02/05 4:3 a.m. · 1 views

SUSE CVE-2024-13484

A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the...

8.2 CVSS · 6.6 AI score · 0.00028 EPSS
Exploits 0 · References 3

CVE
added 2025/01/28 5:54 p.m. · 130 views

CVE-2024-13484

Technical details for CVE-2024-13484 are not publicly provided in the connected documents. The SUSE advisories mention the CVE but do not supply affected products/versions or root-cause details. Monitor for updates.

8.2 CVSS · 8 AI score · 0.00028 EPSS
Exploits 0 · References 5

Vulnrichment
added 2025/01/28 5:54 p.m. · 3 views

CVE-2024-13484 Openshift-gitops-operator-container: namespace isolation break

A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the...

8.2 CVSS · 8 AI score · 0.00028 EPSS
Exploits 0 · References 5

CNNVD
added 2025/01/28 12:0 a.m. · 2 views

Argo CD security vulnerability

Argo CD is an Argo open source declarative GitOps continuous delivery tool for Kubernetes. A security vulnerability exists in Argo CD that stems from the fact that the openshift.io/cluster-monitoring tag is automatically applied to all namespaces where ArgoCD CR instances are deployed, allowing t...

8.2 CVSS · 6.9 AI score · 0.00028 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/01/28 12:0 a.m. · 3 views

PT-2025-2188 · Unknown +2 · Openshift-Gitops-Operator-Container +2

Name of the Vulnerable Software and Affected Versions: openshift-gitops-operator-container affected versions not specified ArgoCD affected versions not specified Description: A flaw was found in the software, allowing a namespace to create a rogue PrometheusRule when the...

10 CVSS · 7 AI score · 0.51816 EPSS
Exploits 4 · References 89

OSV
added 2024/06/05 3:10 p.m. · 8 views

GO-2024-2789 Cluster Monitoring Operator contains a credentials leak in github.com/openshift/cluster-monitoring-operator

Cluster Monitoring Operator contains a credentials leak in github.com/openshift/cluster-monitoring-operator...

7.7 CVSS · 7.5 AI score · 0.00167 EPSS
Exploits 0 · References 11

Github Security Blog
added 2024/04/25 6:30 p.m. · 12 views

Withdrawn Advisory: Cluster Monitoring Operator contains a credentials leak

Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a package in the Go registry. For more information, see the discussion here. This link is maintained to preserve external references. Original Description A credentials leak vulnerability was found in th...

7.7 CVSS · 7.5 AI score · 0.00167 EPSS
Exploits 0 · References 11 · Affected Software 1

OSV
added 2024/04/25 6:30 p.m. · 11 views

GHSA-X5M7-63C6-FX79 Withdrawn Advisory: Cluster Monitoring Operator contains a credentials leak

Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a package in the Go registry. For more information, see the discussion here. This link is maintained to preserve external references. Original Description A credentials leak vulnerability was found in th...

7.7 CVSS · 7.5 AI score · 0.00167 EPSS
Exploits 0 · References 11

NVD
added 2024/04/25 5:15 p.m. · 9 views

CVE-2024-1139

A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret...

7.7 CVSS · 7.4 AI score · 0.00167 EPSS
Exploits 0 · References 6

Cvelist
added 2024/04/25 4:25 p.m. · 13 views

CVE-2024-1139 Cluster-monitoring-operator: credentials leak

A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret...

7.7 CVSS · 7.5 AI score · 0.00167 EPSS
Exploits 0 · References 6

CVE
added 2024/04/25 4:25 p.m. · 207 views

CVE-2024-1139

CVE-2024-1139 affects OpenShift Container Platform’s cluster-monitoring-operator. The root cause is a credentials leak where a repository pull secret can be accessed via pod manifest annotations (notably within the telemeter-client pod in openshift-monitoring). This could allow a user with basic ...

7.7 CVSS · 6.4 AI score · 0.00167 EPSS
Exploits 0 · References 6

RedhatCVE
added 2024/04/03 12:5 p.m. · 19 views

CVE-2024-1139

A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret...

7.7 CVSS · 7.3 AI score · 0.00167 EPSS
Exploits 0 · References 3

IBM Security Bulletins
added 2023/11/01 8:2 p.m. · 23 views

Security Bulletin: IBM Storage Ceph is vulnerable to Cross-site Scripting in Grafana (CVE-2023-22462)

Summary Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2023-22462 Vulnerability Details CVEID: CVE-2023-22462 DESCRIPTION: Grafana is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Text plugi...

6.4 CVSS · 6 AI score · 0.17757 EPSS
Exploits 0 · Affected Software 1

RedHat Linux
added 2020/02/19 7:55 p.m. · 4 views

Important: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update

Red Hat OpenShift Container Platform release 3.11.170 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...

8.6 CVSS · 6.7 AI score · 0.45215 EPSS
Exploits 4 · References 13

OpenVAS
added 2011/03/24 12:0 a.m. · 24 views

Fedora Update for whatsup FEDORA-2011-2801

Check for the Version of whatsup OpenVAS Vulnerability Test Fedora Update for whatsup FEDORA-2011-2801 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

5 CVSS · 7.4 AI score · 0.01573 EPSS
Exploits 2 · References 2

securityvulns
added 2009/01/28 12:0 a.m. · 34 views

ganglia cluster monitoring tool buffer overflow

gmetad buffer overflow...

7.5 CVSS · 4.4 AI score · 0.13317 EPSS
Exploits 0 · References 1 · Affected Software 1