20 matches found
GHSA-5WRP-CWCJ-Q835 vulnerabilities
Vulnerabilities for packages: cert-manager-istio-csr, flux-image-automation-controller, azurefile-csi, docker-compose, blob-csi, zot, argo-cd, kubescape-operator, knative-serving, kubernetes-csi-external-snapshotter, boring-registry, zarf, cloud-provider-azure, grafana-image-renderer,...
CVE-2026-41178 vulnerabilities
Vulnerabilities for packages: cert-manager-istio-csr, flux-image-automation-controller, azurefile-csi, docker-compose, blob-csi, zot, argo-cd, kubescape-operator, knative-serving, kubernetes-csi-external-snapshotter, boring-registry, zarf, cloud-provider-azure, grafana-image-renderer,...
SUSE CVE-2026-40109
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
EUVD-2026-21150
Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering...
GHSA-H9CX-XJG6-5V2W Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Impact The gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any valid Google-issued token, to authenticate against the Receiver webhook endpoint, triggering unauthorized Flux reconciliations...
Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Impact The gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any valid Google-issued token, to authenticate against the Receiver webhook endpoint, triggering unauthorized Flux reconciliations...
CVE-2026-40109
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
CVE-2026-40109 Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
CVE-2026-40109 Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
CVE-2026-40109
CVE-2026-40109 affects Flux notification-controller (GitOps Toolkit) prior to version 1.8.3. The vulnerability lies in the gcr Receiver type not validating the email claim of Google OIDC tokens used for Pub/Sub push authentication, allowing any valid Google-issued token to authenticate against th...
GHSA-9H8M-3FM2-QJRQ vulnerabilities
Vulnerabilities for packages: fulcio-fips, opentofu-fips, gatekeeper-fips, tfsec, ceph-csi-operator-fips, sftpgo, scorecard, telegraf, flux-notification-controller-fips, azure-service-operator, coredns, docker-compose-fips, gogatekeeper, kyverno-policy-reporter-plugins-kyverno-fips, kubevela-fips...
GHSA-7WRW-R4P8-38RX vulnerabilities
Vulnerabilities for packages: temporal-ui-server, nri-nginx, thanos-operator, vendir, src-fingerprint, redka, vault-k8s, timoni, amazon-k8s-cni, kubernetes-release, hcloud, sftpgo-plugin-eventsearch, dive, terraform-docs, opa-envoy, prometheus-pushgateway, go-md2man, k6, prometheus-alertmanager,...
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: fulcio-fips, php-fpmexporter, vertical-pod-autoscaler-fips, rabbitmq-default-user-credential-updater, kubernetes-dashboard-metrics-scraper, kubernetes, tfsec, cilium-fips, http-echo, prometheus-alertmanager-fips, cfssl, scorecard, litefs, coredns, tigera-operator-fip...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: fulcio-fips, php-fpmexporter, newrelic-infrastructure-agent, kubernetes-dashboard-metrics-scraper, up, kubernetes, cilium-fips, crossplane-provider-azure-authorization, prometheus-alertmanager-fips, cfssl, scorecard, crossplane-provider-azure-managedidentity, litefs,...
GHSA-3F2Q-6294-FMQ5 vulnerabilities
Vulnerabilities for packages: argo-workflows, argo-events-fips, melange, argo-events, pulumi-kubernetes-operator, flux-notification-controller, task, snyk-cli...
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: pulumi-kubernetes-operator, snyk-cli, argo-workflows, task, argo-events, flux-notification-controller, melange...
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: argo-workflows, argo-events-fips, melange, argo-events, pulumi-kubernetes-operator, flux-notification-controller, task, snyk-cli...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: dynamic-localpv-provisioner-fips, prometheus-stackdriver-exporter, terraform-provider-sendgrid-fips, prometheus-blackbox-exporter, kubernetes-csi-livenessprobe, metrics-server-fips, up, aactl, prometheus-adapter-fips, kubevela, spark-operator, k3d, falco,...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: aactl, src, terraform-provider-sendgrid, prometheus-blackbox-exporter, slsa-verifier, kubeflow, kubevela, buildkitd, k3d, dgraph, up, scorecard, spark-operator, cortex, kubescape, falco...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: buildkitd, cosign, stakater-reloader, envoy-ratelimit, gomplate, kubeflow, bom, memcached-exporter, mc, secrets-store-csi-driver, amass, gobuster, ollama, gitness, git-lfs, ko, kots, weaviate, frp, flux-helm-controller, nri-prometheus, flux-kustomize-controller,...