CVE-2026-10840

A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...

EUVD-2025-203383

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...

Linux Distros Unpatched Vulnerability : CVE-2022-3162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group withou...

CVE-2025-8415

A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment. Mitigation...

RHEL 8 / 9 : OpenShift Container Platform 4.12.0 (RHSA-2022:7398)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7398 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

RHCOS 4 : OpenShift Container Platform 4.12.4 (RHSA-2023:0772)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0772 advisory. - kubernetes: Unauthorized read of Custom Resources CVE-2022-3162 Note that Nessus has not tested for this issue but has instead relied only ...

OESA-2023-1415 kubernetes security update

Container cluster management. Security Fixes: Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are...

Unauthorized read of Custom Resources

...

AZL-13783 CVE-2022-3162 affecting package rook for versions less than 1.6.2-25

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

CVE-2022-3162 Unauthorized read of Custom Resources

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

CVE-2022-3162 Unauthorized read of Custom Resources

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

CVE-2022-3162

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

kubernetes: Unauthorized read of Custom Resources

A flaw was found in kubernetes. Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different kind in the same API group they are not authorized to read...

Information Disclosure

openshift is vulnerable to Information Disclosure. Users authorized to list or watch one type of namespaced custom resource, cluster-wide can read custom resources of a different kind in the same API group they are not authorized to read...

Oracle Linux 7 : kubernetes (ELSA-2022-10033)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10033 advisory. - Addresses CVE-2022-3294 & CVE-2022-3162 - Addresses CVE-2022-3172 olcne - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21 - Resolv...

CVE-2022-3162

A flaw was found in kubernetes. Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different kind in the same API group they are not authorized to read...

Kubernetes 路径遍历漏洞

Kubernetes K8s is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. A security vulnerability exists in Kubernetes kube-apiserver, which stems from the fact that an attacker can read sensitive...

PT-2022-5431 · Unknown +3 · Kubernetes +2

Name of the Vulnerable Software and Affected Versions: Kubernetes affected versions not specified Description: The issue is related to insufficient access control in Kubernetes, allowing users authorized to list or watch one type of namespaced custom resource cluster-wide to read custom resources...

GHSA-9M49-VHWV-422G Smarty PHP code injection

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

Smarty PHP code injection

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...