CVE-2026-33210 vulnerabilities

Vulnerabilities for packages: logstash, ruby3.4-fluentd-kubernetes-daemonset, ruby3.4-rails, cinc-auditor, ruby4.0-fluentd-kubernetes-daemonset, ruby4.0-rails, ruby, ruby3.3-fluentd-kubernetes-daemonset, ruby3.3-rails, ruby3.2-rails, ruby3.2-fluentd-kubernetes-daemonset, gitlab-cng...

CVE-2024-49761 vulnerabilities

Vulnerabilities for packages: ruby3.1-fluentd-kubernetes-daemonset, logstash, kube-fluentd-operator, ruby3.4-fluentd-kubernetes-daemonset, jruby, ruby, ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset...

CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate...

Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining

A large-scale attack campaign discovered in the wild has been exploiting Kubernetes K8s Role-Based Access Control RBAC to create backdoors and run cryptocurrency miners. "The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack," cloud security firm...

Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining

A large-scale attack campaign discovered in the wild has been exploiting Kubernetes K8s Role-Based Access Control RBAC to create backdoors and run cryptocurrency miners. "The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack," cloud security firm...