Lucene search
K

21 matches found

Wolfi
Wolfi
added 6 days ago5 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-s3, kyverno, guac, traefik, flux-image-automation-controller, terragrunt, k3s, tkn, dagger, nfpm, falcoctl, atlantis, containerd, cilium-cli, step-issuer, step-kms-plugin, tw, loki, policy-controller, crossplane-provider-family-azure,...

5.8AI score
Exploits0
Wolfi
Wolfi
added 6 days ago6 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: kyverno, guac, flux-image-automation-controller, terragrunt, k3s, tkn, dagger, nfpm, falcoctl, atlantis, containerd, cilium-cli, step-issuer, step-kms-plugin, loki, policy-controller, crossplane-provider-family-azure, argocd-image-updater, pulumi-language-java,...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2026/06/19 8:24 p.m.16 views

GHSA-5WRP-CWCJ-Q835 vulnerabilities

Vulnerabilities for packages: traefik, coredns, kyverno, blob-csi, hydra, tailscale, trivy, flux-image-automation-controller, linkerd2, dagdotdev, k3s, tkn, dagger, falcoctl, grafana, jitsucom-bulker, containerd, calico, flux-helm-controller, kube-logging-operator, kuberay-operator, step-issuer,...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2026/06/19 8:24 p.m.11 views

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: traefik, coredns, kyverno, blob-csi, hydra, tailscale, trivy, flux-image-automation-controller, linkerd2, dagdotdev, k3s, tkn, dagger, falcoctl, grafana, jitsucom-bulker, containerd, calico, flux-helm-controller, kube-logging-operator, kuberay-operator, step-issuer,...

5.3CVSS5.8AI score0.00237EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/14 11:25 p.m.6 views

SUSE CVE-2026-40109

Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...

3.1CVSS5.8AI score0.00127EPSS
Exploits0References3
OSV
OSV
added 2026/04/10 8:18 p.m.2 views

GHSA-H9CX-XJG6-5V2W Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering

Impact The gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any valid Google-issued token, to authenticate against the Receiver webhook endpoint, triggering unauthorized Flux reconciliations...

3.1CVSS5.8AI score0.00127EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/10 8:18 p.m.4 views

EUVD-2026-21150

Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering...

3.1CVSS5.8AI score0.00127EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/10 8:18 p.m.5 views

Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering

Impact The gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any valid Google-issued token, to authenticate against the Receiver webhook endpoint, triggering unauthorized Flux reconciliations...

3.1CVSS5.8AI score0.00127EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/09 9:16 p.m.2 views

CVE-2026-40109

Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...

3.1CVSS0.00127EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/09 9:6 p.m.3 views

CVE-2026-40109 Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering

Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...

3.1CVSS5.8AI score0.00127EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/09 9:6 p.m.21 views

CVE-2026-40109 Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering

Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...

3.1CVSS0.00127EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 9:6 p.m.8 views

CVE-2026-40109

CVE-2026-40109 affects Flux notification-controller (GitOps Toolkit) prior to version 1.8.3. The vulnerability lies in the gcr Receiver type not validating the email claim of Google OIDC tokens used for Pub/Sub push authentication, allowing any valid Google-issued token to authenticate against th...

3.1CVSS5.9AI score0.00127EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/02/28 7:17 p.m.6 views

GHSA-9H8M-3FM2-QJRQ vulnerabilities

Vulnerabilities for packages: cloudprober, beats-fips, src, conftest, gatekeeper, cass-operator, grafana, kubernetes-csi-external-provisioner, cerbos, loki, gomplate, seaweedfs, teleport-operator-fips, cri-tools, envoy-gateway-fips, azure-service-operator, minio-fips, vitess,...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.15 views

GHSA-7WRW-R4P8-38RX vulnerabilities

Vulnerabilities for packages: postgres-operator, flux-image-automation-controller, dagdotdev, volume-modifier-for-k8s, delve, sftpgo-plugin-geoipfilter, trillian, multus-cni, atlantis, vault-k8s, yunikorn-web, gcp-compute-persistent-disk-csi-driver, policy-controller, prometheus-blackbox-exporter...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2024/03/05 11:15 p.m.76 views

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: logstash-exporter-fips, sonobuoy, src, conftest, mc, prometheus-operator-fips, cass-operator, prometheus-blackbox-exporter, kubernetes-csi-external-provisioner, flux-image-automation-controller, gomplate, supercronic, prometheus-beat-exporter-fips,...

7.5CVSS6.7AI score0.01262EPSS
Exploits0
Chainguard
Chainguard
added 2023/11/18 12:30 a.m.17 views

GHSA-3F2Q-6294-FMQ5 vulnerabilities

Vulnerabilities for packages: pulumi-kubernetes-operator, snyk-cli, argo-events-fips, argo-workflows, flux-notification-controller, melange, argo-events, task...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2023/11/18 12:15 a.m.586 views

CVE-2023-46402 vulnerabilities

Vulnerabilities for packages: melange, snyk-cli, pulumi-kubernetes-operator, argo-events, task, flux-notification-controller, argo-workflows...

7.5CVSS6.4AI score0.0085EPSS
Exploits1
Chainguard
Chainguard
added 2023/11/18 12:15 a.m.54 views

CVE-2023-46402 vulnerabilities

Vulnerabilities for packages: pulumi-kubernetes-operator, snyk-cli, argo-events-fips, argo-workflows, flux-notification-controller, melange, argo-events, task...

7.5CVSS6.4AI score0.0085EPSS
Exploits1
Wolfi
Wolfi
added 2023/10/25 9:17 p.m.176 views

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: prometheus-blackbox-exporter, aactl, falco, dgraph, slsa-verifier, spark-operator, up, kubeflow, k3d, src, scorecard, terraform-provider-sendgrid, buildkitd, cortex, kubevela, kubescape...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2023/10/25 9:17 p.m.83 views

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: cortex, dgraph, src, kube-oidc-proxy, kubernetes-csi-livenessprobe, smarter-device-manager-fips, cluster-autoscaler-fips, prometheus-blackbox-exporter, kubeflow, bank-vaults-fips, terraform-provider-sendgrid-fips, vault-csi-provider, aactl, kiam, scorecard, falco,...

5.8AI score
Exploits0
Rows per page
Query Builder