GHSA-FCW4-WWQM-M8CF Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName
We have released version 5.24.0 of the Grafana Operator. This patch includes a MODERATE severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary: The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...
Credential Exposure
Overview: Affected versions of this package are vulnerable to Credential Exposure in jsonnetfetcher.go that may expose the Kubernetes service account token of the Grafana Operator manager to users with sufficient privileges to create Dashboard or LibraryPanel resources. This token can be used to...
EUVD-2026-19269
Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...
CVE-2026-31150
Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...
PT-2026-30611
Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...