Lucene search
K

47 matches found

OSV
OSV
added 2025/03/18 6:14 p.m.12 views

GO-2025-3530 Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD in github.com/metal3-io/baremetal-operator/apis

Bare Metal Operator BMO can expose any secret from other namespaces via BMCEventSubscription CRD in github.com/metal3-io/baremetal-operator/apis...

6.5CVSS6.8AI score0.00169EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/11 9:46 p.m.4 views

Malicious code in crd-frontend-login (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c225ce49c193ec137ef2d44bd0ded4bf9da074b818bc455cbe161574dd87f02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/03/11 9:46 p.m.3 views

MAL-2025-2248 Malicious code in crd-frontend-login (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c225ce49c193ec137ef2d44bd0ded4bf9da074b818bc455cbe161574dd87f02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/01/10 12:23 a.m.4 views

SUSE CVE-2024-56514

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resourc...

5.3CVSS7AI score0.00708EPSS
Exploits0References4
OSV
OSV
added 2025/01/03 4:15 p.m.25 views

CVE-2024-56514 Karmada Tar Slips in CRDs archive extraction

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resourc...

5.3CVSS6.6AI score0.00708EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/01/03 4:15 p.m.47 views

CVE-2024-56514 Karmada Tar Slips in CRDs archive extraction

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resourc...

5.3CVSS0.00708EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2024/09/11 9:11 a.m.25 views

CVE-2024-42486

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...

7.2CVSS7.2AI score0.00573EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/09/04 5:40 a.m.30 views

CVE-2024-43803

A flaw was found in the Bare Metal Operator BMO. The BMO implements a Kubernetes API for managing bare metal hosts in Metal3. The BareMetalHost BMH CRD allows the userData, metaData, and networkData for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for the...

4.9CVSS6.5AI score0.00574EPSS
Exploits0References10
OSV
OSV
added 2024/09/03 8:13 p.m.14 views

GHSA-PQFH-XH7W-7H3P The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD

Impact The Bare Metal Operator BMO implements a Kubernetes API for managing bare metal hosts in Metal3. The BareMetalHost BMH CRD allows the userData, metaData, and networkData for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the Name and Namespac...

6.9CVSS5.1AI score0.00574EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2024/09/03 8:13 p.m.25 views

The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD

Impact The Bare Metal Operator BMO implements a Kubernetes API for managing bare metal hosts in Metal3. The BareMetalHost BMH CRD allows the userData, metaData, and networkData for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the Name and Namespac...

4.9CVSS6.6AI score0.00574EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2024/08/20 7:20 a.m.8 views

BIT-HUBBLE-RELAY-2024-42486 Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...

7.2CVSS4.6AI score0.00573EPSS
Exploits0References4
NVD
NVD
added 2024/08/16 3:15 p.m.35 views

CVE-2024-42486

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...

7.2CVSS0.00573EPSS
Exploits0References3
CVE
CVE
added 2024/08/16 2:34 p.m.311 views

CVE-2024-42486

CVE-2024-42486 affects Cilium (1.15.x before 1.15.8 and 1.16.x before 1.16.1). The vulnerability arises from ReferenceGrant changes not being propagated correctly in Cilium’s GatewayAPI controller, potentially allowing Gateway resources to access secrets longer than intended or enabling Routes to...

7.2CVSS5.5AI score0.00573EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/07/01 11:16 a.m.16 views

BIT-HUBBLE-UI-2024-25630

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state the default configuration and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affect...

6.1CVSS5.5AI score0.00184EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:39 p.m.6 views

Malicious code in py-crd (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References2
OSV
OSV
added 2024/06/25 1:39 p.m.7 views

MAL-2024-5626 Malicious code in py-crd (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References2
OSV
OSV
added 2024/06/17 10:30 p.m.23 views

GHSA-64JQ-M7RQ-768H Rancher's External RoleTemplates can lead to privilege escalation

Impact A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation. The bug in the webhook rule resolver ignores rules from a ClusterRole for external...

7.5CVSS6.7AI score0.00539EPSS
Exploits0References4
Veracode
Veracode
added 2024/03/20 6:29 a.m.20 views

OS Command Injection

github.com/fluid-cloudnative/fluid is vulnerable to OS Command Injection. The vulnerability is due to insufficient input validation within the JuicefsRuntime, allowing an authenticated user with the authority to create or update the K8s CRD Dataset/JuicefsRuntime to execute arbitrary OS commands...

6CVSS7.8AI score0.00611EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/03/15 4:35 p.m.52 views

GHSA-WX8Q-4GM9-RJ2G Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime

Impact OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to...

4CVSS5.8AI score0.00611EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/03/15 4:35 p.m.26 views

Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime

Impact OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to...

6CVSS8.2AI score0.00611EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder