1026 matches found
HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting
HashiCorp Consul and Consul Enterprise up to version 1.9.4 are vulnerable to cross-site scripting via the key-value KV raw mode. id: CVE-2020-25864 info: name: HashiCorp Consul/Consul Enterprise =1.9.4 - Cross-Site Scripting author: c-sh0 severity: medium description: | HashiCorp Consul and Consu...
HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data,...
GHSA-XCGV-8MV7-V8C7 vulnerabilities
Vulnerabilities for packages: apko, consul, rekor-fips, gatekeeper-fips, knative-operator-fips, mattermost-fips, buildkite-agent-fips, prometheus-operator, buildkitd-fips, vault-secrets-operator, buildah-fips, frankenphp-8.2, pinact, traefik-fips, docker-cli-fips, kubernetes-dashboard,...
GHSA-FF52-PH69-CF7X vulnerabilities
Vulnerabilities for packages: opentelemetry-collector-k8s-fips, nri-postgresql-fips, aws-flb-firehose-fips, secrets-store-csi-driver, crossplane-provider-aws-fsx, pdfcpu, nsc-fips, atlas, mlrun-log-collector, crossplane-provider-aws-fsx-fips, consul-k8s, addon-resizer-fips, oras,...
Security Bulletin: Consul-template is vulnerable to path redirection in writeToFile through symlink attack
Summary The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in...
CVE-2026-14361
The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in consul-templat...
EUVD-2026-42346
The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in consul-templat...
CVE-2026-14361
The CVE-2026-14361 issue affects consul-template prior to 0.42.1, where the writeToFile helper opens the destination path directly and follows links in the path. This can allow template output to be written outside the intended directory or overwrite an existing file. The root cause is path redir...
CVE-2026-14361 Consul-template is vulnerable to path redirection in writeToFile through symlink attack
The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in consul-templat...
Consul-template vulnerable to path redirections in writeToFile
Summary The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in...
GHSA-8XWF-RJM4-XVHV vulnerabilities
Vulnerabilities for packages: kube-mgmt-fips, cloudbeat-fips, ratify, kubescape-server, consul-k8s, maru, oras, chartmuseum-fips, kubescape, k8ssandra-client-fips, argocd-image-updater-fips, trivy-operator, argo-cd, k9s, k8ssandra-client, trivy-fips, cert-manager-cmctl, kube-mgmt, cilium-cli,...
GHSA-XF85-363P-868W vulnerabilities
Vulnerabilities for packages: kube-mgmt-fips, harvester, cloudbeat-fips, ratify, kubescape-server, consul-k8s, maru, oras, chartmuseum-fips, kubescape, k8ssandra-client-fips, argocd-image-updater-fips, trivy-operator, argo-cd, k9s, k8ssandra-client, trivy-fips, cert-manager-cmctl, kube-mgmt,...
GHSA-VH4V-2XQ2-G5CG vulnerabilities
Vulnerabilities for packages: kube-mgmt-fips, cloudbeat-fips, ratify, kubescape-server, consul-k8s, maru, oras, chartmuseum-fips, kubescape, k8ssandra-client-fips, argocd-image-updater-fips, trivy-operator, argo-cd, k9s, k8ssandra-client, trivy-fips, cert-manager-cmctl, kube-mgmt, cilium-cli,...
CVE-2026-50162 vulnerabilities
Vulnerabilities for packages: kube-mgmt-fips, cloudbeat-fips, ratify, kubescape-server, consul-k8s, maru, oras, chartmuseum-fips, kubescape, k8ssandra-client-fips, argocd-image-updater-fips, trivy-operator, argo-cd, k9s, k8ssandra-client, trivy-fips, cert-manager-cmctl, kube-mgmt, cilium-cli,...
CVE-2026-48978 vulnerabilities
Vulnerabilities for packages: kube-mgmt-fips, harvester, cloudbeat-fips, ratify, kubescape-server, consul-k8s, maru, oras, chartmuseum-fips, kubescape, k8ssandra-client-fips, argocd-image-updater-fips, trivy-operator, argo-cd, k9s, k8ssandra-client, trivy-fips, cert-manager-cmctl, kube-mgmt,...
GHSA-JXPM-75MH-9FP7 vulnerabilities
Vulnerabilities for packages: kube-mgmt-fips, cloudbeat-fips, ratify, kubescape-server, consul-k8s, maru, oras, chartmuseum-fips, kubescape, k8ssandra-client-fips, argocd-image-updater-fips, trivy-operator, argo-cd, k9s, k8ssandra-client, trivy-fips, cert-manager-cmctl, kube-mgmt, cilium-cli,...
CVE-2026-50151 vulnerabilities
Vulnerabilities for packages: kube-mgmt-fips, cloudbeat-fips, ratify, kubescape-server, consul-k8s, maru, oras, chartmuseum-fips, kubescape, k8ssandra-client-fips, argocd-image-updater-fips, trivy-operator, argo-cd, k9s, k8ssandra-client, trivy-fips, cert-manager-cmctl, kube-mgmt, cilium-cli,...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-servicefabric, osv-scanner, prometheus-podman-exporter-fips, crossplane-provider-azure-notificationhubs, crossplane-provider-aws-wafv2, crossplane-provider-aws-lexmodels, docker-compose, traefik-fips, kubernetes-dashboard,...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-servicefabric, osv-scanner, prometheus-podman-exporter-fips, crossplane-provider-azure-notificationhubs, crossplane-provider-aws-wafv2, crossplane-provider-aws-lexmodels, docker-compose, traefik-fips, kubernetes-dashboard,...
CVE-2026-41178 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-servicefabric, spicedb, secrets-store-csi-driver, osv-scanner, crossplane-provider-gcp-beta-networksecurity, kube-mgmt-fips, ipfs-cluster, atlas, consul-k8s, prometheus-podman-exporter-fips, crossplane-provider-azure-notificationhubs,...