
16 matches found

CVE
added 2 days ago · 8 views

CVE-2026-10840

The CVE-2026-10840 entry describes a vulnerability in the OpenShift Pipelines operator where tekton-scheduler-rolebinding grants system:authenticated write access to Kueue and cert-manager CRDs via the tekton-scheduler-role. When Kueue or cert-manager CRDs exist, any authenticated user could disr...

CVSS 9.6 · AI score 5.8 · EPSS 0.00021
Exploits: 0 · References: 2

GithubExploit
added 2026/02/22 2:35 p.m. · 129 views

operator-poc

operator-poc // TODO(user): Add simple overview of use/purpose...

AI score 5.7
Exploits: 0

OSV
added 2025/01/07 4:3 p.m. · 23 views

GO-2025-3363 Karmada Tar Slips in CRDs archive extraction in github.com/karmada-io/karmada

Karmada Tar Slips in CRDs archive extraction in github.com/karmada-io/karmada...

CVSS 5.3 · AI score 9.4 · EPSS 0.00299
Exploits: 0 · References: 6

Vulnrichment
added 2025/01/03 4:15 p.m. · 7 views

CVE-2024-56514 Karmada Tar Slips in CRDs archive extraction

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resourc...

CVSS 5.3 · AI score 6.9 · EPSS 0.00299
Exploits: 0 · References: 5

OSV
added 2025/01/03 4:15 p.m. · 7 views

GHSA-CWRH-575J-8VR3 Karmada Tar Slips in CRDs archive extraction

Impact What kind of vulnerability is it? Who is impacted? Both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resource definitions (CRDs) needed by karmada. The CRDs are downloaded as a gzipped tarfile and are vulnerable to a...

CVSS 5.3 · AI score 9.4 · EPSS 0.00299
Exploits: 0 · References: 7

OSV
added 2024/05/24 7:21 p.m. · 16 views

BIT-HUBBLE-RELAY-2024-25630

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affect...

CVSS 6.1 · AI score 5.5 · EPSS 0.00051
Exploits: 0 · References: 3

OSV
added 2024/05/15 12:6 p.m. · 13 views

BIT-CILIUM-2024-25630

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affect...

CVSS 6.1 · AI score 5.5 · EPSS 0.00051
Exploits: 0 · References: 3

OSV
added 2024/05/15 12:6 p.m. · 14 views

BIT-CILIUM-OPERATOR-2024-25630

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affect...

CVSS 6.1 · AI score 5.5 · EPSS 0.00051
Exploits: 0 · References: 3

Veracode
added 2024/02/22 6:1 a.m. · 11 views

Missing Encryption

github.com/cilium/cilium is vulnerable to Missing Encryption. The vulnerability is due to a lack of encryption to/from the Ingress and health endpoints when CRDs are used to store the Cilium state and Wireguard transparent encryption is enabled, which allows an attacker to eavesdrop on the...

CVSS 6.1 · AI score 7 · EPSS 0.00051
Exploits: 0 · References: 3 · Affected Software: 1

Github Security Blog
added 2024/02/20 11:44 p.m. · 18 views

Unencrypted ingress/health traffic when using Wireguard transparent encryption

Impact For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, responses from pods to the Ingress and health endpoints are not encrypted. Traffic from the Ingress and health endpoints to pods is not affected by this issue. The heal...

CVSS 6.1 · AI score 6.8 · EPSS 0.00051
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2024/02/20 6:15 p.m. · 10 views

CVE-2024-25630

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affect...

CVSS 6.1 · AI score 6.1 · EPSS 0.00051
Exploits: 0 · References: 3

Prion
added 2024/02/20 6:15 p.m. · 9 views

Default configuration

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affect...

CVSS 1.8 · AI score 7.1 · EPSS 0.00051
Exploits: 0 · References: 3

CVE
added 2024/02/20 5:53 p.m. · 322 views

CVE-2024-25630

Cilium vulnerability affecting the v1.14 line before v1.14.7, with default configuration using CRDs to store Cilium state and enabling WireGuard transparent encryption. The issue causes traffic to/from the Ingress and health endpoints to be unencrypted. There is no workaround. The remediation is ...

CVSS 6.1 · AI score 5.8 · EPSS 0.00051
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/02/20 5:53 p.m. · 15 views

CVE-2024-25630 Cilium has unencrypted ingress/health traffic when using Wireguard transparent encryption

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affect...

CVSS 6.1 · AI score 6.3 · EPSS 0.00051
Exploits: 0 · References: 3

Positive Technologies
added 2024/02/20 12:0 a.m. · 2 views

PT-2024-21050 · Cilium · Cilium

Name of the Vulnerable Software and Affected Versions: Cilium versions 1.14 through 1.14.6 Description: The issue affects Cilium users who are using CRDs to store Cilium state and Wireguard transparent encryption. Traffic to and from the Ingress and health endpoints is not encrypted. This issue...

CVSS 6.1 · AI score 6.9 · EPSS 0.00051
Exploits: 0 · References: 16

Microsoft Secure
added 2020/06/10 6:0 p.m. · 41 views

Misconfigured Kubeflow workloads are a security risk

Azure Security Center (ASC) monitors and defends thousands of Kubernetes clusters running on top of AKS. Azure Security Center regularly searches for and researches new attack vectors against Kubernetes workloads. We recently published a blog post about a large scale campaign against Kubernetes...

AI score 7
Exploits: 0