26 matches found
SUSE CVE-2026-25538
Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...
CVE-2026-25538
Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...
GO-2026-4416 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage in github.com/devtron-labs/devtron
Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage in github.com/devtron-labs/devtron...
CVE-2026-25538
Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...
CVE-2026-25538
Devtron CVE-2026-25538 affects the open-source Devtron Kubernetes integration platform (versions up to 2.0.0). A vulnerability in the Attributes API interface allows any authenticated user to access /orchestrator/attributes?key=apiTokenSecret, exposing the global API Token signing key. With the k...
EUVD-2026-5332
Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...
CVE-2026-25538 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage
Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...
CVE-2026-25538 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage
Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...
CVE-2026-25538
Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...
CVE-2026-25538 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage
Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...
Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage
Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage Summary This vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...
GHSA-8WPC-J9Q9-J5M2 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage
Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage Summary This vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...
PT-2026-6317
Name of the Vulnerable Software and Affected Versions Devtron versions prior to 2.0.0 Description Devtron is a tool integration platform for Kubernetes. A flaw exists in the Attributes API interface that allows authenticated users to obtain the global API Token signing key by accessing the...
Devtron 安全漏洞
Devtron is an open-source Kubernetes cloud-native tool integration platform developed by Devtron. Versions of Devtron 2.0.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper access control in the Attributes API interface, which could lead to the...
CVE-2024-45794
devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. This issue has been addressed in...
SUSE CVE-2024-45794
devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. This issue has been addressed in...
GO-2024-3260 Devtron has SQL Injection in CreateUser API in github.com/devtron-labs/devtron
Devtron has SQL Injection in CreateUser API in github.com/devtron-labs/devtron...
CVE-2024-45794
devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. This issue has been addressed in...
CVE-2024-45794 SQL Injection in CreateUser API in devtron
devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. This issue has been addressed in...
CVE-2024-45794 SQL Injection in CreateUser API in devtron
devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. This issue has been addressed in...