137 matches found
Unity Linux 20.1050e / 20.1070e Security Update: kubernetes (UTSA-2026-017342)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017342 advisory. A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows...
RHCOS 4 : OpenShift Container Platform 4.4.8 openshift (RHSA-2020:2448)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2448 advisory. - kubernetes: Server side request forgery SSRF in kube-controller-manager allows users to leak secret information CVE-2020-8555 Note that...
RHCOS 4 : OpenShift Container Platform 4.2.36 openshift (RHSA-2020:2594)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2594 advisory. - kubernetes: Server side request forgery SSRF in kube-controller-manager allows users to leak secret information CVE-2020-8555 Note that...
GHSA-5W89-2C2X-6X66 vulnerabilities
Vulnerabilities for packages: agentbeat, nri-discovery-kubernetes, aws-sigv4-proxy-fips, nri-discovery-kubernetes-fips, extism, tw, jupyterhub-k8s-image-awaiter-fips, podman, terraform-provider-sendgrid, k8ssandra-operator-fips, grafana-rollout-operator, ipfs-cluster, wave, gotestsum,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: agentbeat, nri-discovery-kubernetes, zot, aws-sigv4-proxy-fips, cilium-certgen, extism, nri-discovery-kubernetes-fips, rancher-support-bundle-kit, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, nova-fips, podman, terraform-provider-sendgrid,...
Cisco Catalyst SD-WAN Controller Authentication Bypass (cisco-sa-sdwan-rpa-EHchtZk)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an...
GO-2025-4240 Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes
Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes...
Portworx Half-Blind SSRF in kube-controller-manager
...
CVE-2025-13281
A half-blind Server-Side Request Forgery SSRF found in kube-controller-manager that can be triggered when using the legacy in-tree Portworx StorageClass. An authorized user with sufficient privileges can cause the controller to make requests to internal, host-network–accessible endpoints,...
kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
EUVD-2025-203310
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
GHSA-R6J8-C6R2-37RR kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
DEBIAN-CVE-2025-13281
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
AZL-72386 CVE-2025-13281 affecting package kubernetes for versions less than 1.28.4-21
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
AZL-72382 CVE-2025-13281 affecting package kubernetes for versions less than 1.30.10-18
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
CVE-2025-13281
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the kube-controller-manager when using the in-tree Portworx StorageClass. An attacker can access sensitive information from unprotected endpoints within the control plane's host network, including...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the kube-controller-manager when using the in-tree Portworx StorageClass. An attacker can access sensitive information from unprotected endpoints within the control plane's host network, including...
CVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-manager
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
CVE-2025-13281
The CVE-2025-13281 entry describes a half-blind SSRF in kube-controller-manager when using the in-tree Portworx StorageClass. Affected: Kubernetes kube-controller-manager components handling Portworx StorageClass, with information disclosure risk by leaking data from unprotected endpoints in the ...