
5 matches found

OSV
added 2026/06/19 8:51 p.m., 6 views

GHSA-FCW4-WWQM-M8CF Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName

We have released version 5.24.0 of the Grafana Operator. This patch includes a MODERATE severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary: The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...

CVSS 6.4, AI score 5.9, EPSS 0.00361
Exploits: 0, References: 4
Snyk
added 2026/06/13 6:7 a.m., 3 views

Credential Exposure

Overview: Affected versions of this package are vulnerable to Credential Exposure in jsonnetfetcher.go that may expose the Kubernetes service account token of the Grafana Operator manager to users with sufficient privileges to create Dashboard or LibraryPanel resources. This token can be used to...

CVSS 8.8, AI score 5.8, EPSS 0.00361
Exploits: 0, References: 2
EUVD
added 2026/04/06 3:31 p.m., 5 views

EUVD-2026-19269

Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...

CVSS 4.3, AI score 5.9, EPSS 0.00204
Exploits: 1, References: 3
NVD
added 2026/04/06 3:17 p.m., 9 views

CVE-2026-31150

Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...

CVSS 4.3, EPSS 0.00204
Exploits: 1, References: 2
Positive Technologies
added 2026/04/06 12:0 a.m., 7 views

PT-2026-30611

Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...

AI score 5.9, EPSS 0.00204
Exploits: 1, References: 3