Lucene search
K

22 matches found

RedHat Linux
RedHat Linux
added 5 days ago12 views

Critical: Red Hat Security Advisory: Cluster Observability Operator 1.5.0

The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.5 release of COO...

9.8CVSS6.7AI score0.03732EPSS
Exploits18References44
OSV
OSV
added 2026/06/24 11:7 a.m.5 views

BIT-NGINX-GATEWAY-FABRIC-2026-11311 NGINX Gateway Fabric vulnerability

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

8.6CVSS6AI score0.00567EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 4:39 p.m.4 views

Improper Neutralization of Equivalent Special Elements

Overview Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements via the NGINX configuration generator component. An attacker can inject arbitrary NGINX configuration directives by supplying crafted values to the serverTokens or extraAuthArgs...

8.6CVSS5.9AI score0.00567EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 4:39 p.m.4 views

Improper Neutralization of Equivalent Special Elements

Overview Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements via the NGINX configuration generator component. An attacker can inject arbitrary NGINX configuration directives by supplying crafted values to the serverTokens or extraAuthArgs...

8.6CVSS5.9AI score0.00567EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 2:4 p.m.22 views

CVE-2026-11311 NGINX Gateway Fabric vulnerability

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

8.6CVSS0.00567EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 2:4 p.m.71 views

CVE-2026-11311

CVE-2026-11311 affects NGINX Gateway Fabric when used with NGINX Plus. The vulnerability resides in the NGINX configuration generator: user-supplied values from the NginxProxy CRD serverTokens field and the AuthenticationFilter CRD extraAuthArgs field are rendered directly into NGINX configuratio...

8.6CVSS5.6AI score0.00567EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50429

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description An injection issue exists in the NGINX configuration generator component when NGINX Plus is used as the data plane. User-supplied string values from the serverTokens field of the...

8.6CVSS6AI score0.00567EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/15 2:53 p.m.15 views

Important: Red Hat Security Advisory: Cluster Observability Operator 1.5.0

The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.5 release of COO...

9.9CVSS6.5AI score0.01186EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:4 p.m.6 views

CVE-2026-10840

A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...

9.6CVSS5.8AI score0.00168EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/03/17 2:16 p.m.6 views

Important: Red Hat Security Advisory: Cluster Observability Operator 1.4.0

The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.4 release of COO...

8.2CVSS5.8AI score0.01535EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/11/12 4:21 p.m.6 views

Important: Red Hat Security Advisory: Cluster Observability Operator 1.3.0

The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.3 release of COO...

9.4CVSS6.8AI score0.01735EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 9:10 a.m.3 views

CVE-2024-56514

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resourc...

5.3CVSS6.9AI score0.00696EPSS
Exploits0References1
NVD
NVD
added 2025/01/03 5:15 p.m.46 views

CVE-2024-56514

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resourc...

5.3CVSS0.00696EPSS
Exploits0References5
CVE
CVE
added 2025/01/03 4:15 p.m.72 views

CVE-2024-56514

CVE-2024-56514 describes a TarSlip vulnerability in Karmada prior to v1.12.0 where CRDs downloaded from a filesystem path or HTTP(S) URL could be extracted from a gzipped tarfile and write arbitrary files. The flaw occurs when karmadactl or karmada-operator processes CRD archives during initializ...

5.3CVSS6.5AI score0.00696EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/01/03 4:15 p.m.26 views

Karmada Tar Slips in CRDs archive extraction

Impact What kind of vulnerability is it? Who is impacted? Both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resource definitionsCRDs needed by karmada. The CRDs are downloaded as a gzipped tarfile and are vulnerable to a...

5.3CVSS6.8AI score0.00696EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/03 12:0 a.m.6 views

PT-2025-1149 · Karmada +1 · Karmada +1

Name of the Vulnerable Software and Affected Versions: Karmada versions prior to 1.12.0 Description: Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. The system is vulnerable to a TarSlip vulnerability,...

9.9CVSS6.2AI score0.75197EPSS
Exploits5References66
SUSE CVE
SUSE CVE
added 2023/03/15 3:37 a.m.1 views

SUSE CVE-2022-3162

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

6.5CVSS7.1AI score0.01191EPSS
Exploits0References4
OSV
OSV
added 2023/03/01 7:15 p.m.4 views

AZL-31287 CVE-2022-3162 affecting package kubernetes for versions less than 1.25.4-0

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

6.5CVSS7AI score0.01191EPSS
Exploits0References1
OSV
OSV
added 2023/03/01 7:15 p.m.7 views

AZL-13782 CVE-2022-3162 affecting package kube-vip-cloud-provider for versions less than 0.0.2-21

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

6.5CVSS7AI score0.01191EPSS
Exploits0References1
OSV
OSV
added 2023/03/01 7:15 p.m.1 views

UBUNTU-CVE-2022-3162

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

6.5CVSS7AI score0.01191EPSS
Exploits0References2
Rows per page
Query Builder