19 matches found
EUVD-2026-36641
Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName...
GHSA-FCW4-WWQM-M8CF Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName
We have released version 5.24.0 of the Grafana Operator. This patch includes a MODERATE severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary: The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...
CVE-2026-11769
We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary: The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...
Credential Exposure
Overview: Affected versions of this package are vulnerable to Credential Exposure in jsonnetfetcher.go that may expose the Kubernetes service account token of the Grafana Operator manager to users with sufficient privileges to create Dashboard or LibraryPanel resources. This token can be used to...
Credential Exposure
Overview: Affected versions of this package are vulnerable to Credential Exposure in jsonnetfetcher.go that may expose the Kubernetes service account token of the Grafana Operator manager to users with sufficient privileges to create Dashboard or LibraryPanel resources. This token can be used to...
CVE-2026-11769 Operator - Namespaced User Path Traversal
We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary: The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...
CVE-2026-11769 Operator - Namespaced User Path Traversal
We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary: The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...
CVE-2026-11769
Grafana Operator CVE-2026-11769 affects all versions
PT-2026-49078
Name of the Vulnerable Software and Affected Versions: Grafana Operator versions prior to 5.24.0. Description: A path traversal and privilege escalation issue exists when loading dashboards and library panels using the jsonnet data templating language. Because the jsonnet expression is evaluated...
CVE-2026-33810 vulnerabilities
Vulnerabilities for packages: dkron, mariadb-operator-fips, flux-image-reflector-controller, smokescreen, nemo, dapr-fips, flux-image-automation-controller, spire-server, polaris, atlas-fips, goreleaser, nova, volume-modifier-for-k8s-fips, supercronic, nginx-kubernetes-ingress-fips,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: dkron, mariadb-operator-fips, flux-image-reflector-controller, smokescreen, nemo, dapr-fips, flux-image-automation-controller, spire-server, polaris, atlas-fips, goreleaser, nova, volume-modifier-for-k8s-fips, supercronic, nginx-kubernetes-ingress-fips,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: bento, helm, knative-serving-fips, filebrowser, nats, kubescape-server-fips, cilium, crane-fips, dask-gateway, kubescape, terraform-fips, cilium-cli, kubernetes, dex-fips, syncthing-fips, envconsul-fips, cephcsi, kubescape-server, istio-fips, karpenter, buildah, triv...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: bento, helm, knative-serving-fips, filebrowser, nats, kubescape-server-fips, cilium, crane-fips, dask-gateway, kubescape, terraform-fips, cilium-cli, kubernetes, dex-fips, syncthing-fips, envconsul-fips, cephcsi, kubescape-server, istio-fips, karpenter, buildah, triv...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: hubble-ui-backend-fips, cert-manager-openshift-routes-fips, certificate-transparency-fips, crossplane-provider-azure-storage, kafka-proxy, neuvector-fips, policy-bot, kiali-fips, knative-storage-migrate-fips, bento, flux-image-automation-controller,...
GHSA-JRG3-GFJW-HM96 vulnerabilities
Vulnerabilities for packages: hubble-ui-backend-fips, cert-manager-openshift-routes-fips, certificate-transparency-fips, crossplane-provider-azure-storage, kafka-proxy, neuvector-fips, policy-bot, kiali-fips, knative-storage-migrate-fips, bento, flux-image-automation-controller,...
GHSA-5W89-2C2X-6X66 vulnerabilities
Vulnerabilities for packages: flannel-cni-plugin-fips, neuvector-fips, kiali-fips, bento, prometheus-postgres-exporter, crossplane-provider-aws-kinesis-fips, cinder-csi-plugin-fips, xcaddy, temporal-ui-server, cfssl, cilium, kafkaexporter-fips, kubernetes, dex-fips, opencost,...
GHSA-GJVH-7JH8-7XHM vulnerabilities
Vulnerabilities for packages: hubble-ui-backend-fips, cert-manager-openshift-routes-fips, certificate-transparency-fips, crossplane-provider-azure-storage, kafka-proxy, neuvector-fips, policy-bot, kiali-fips, knative-storage-migrate-fips, bento, flux-image-automation-controller,...
CVE-2026-32280 vulnerabilities
Vulnerabilities for packages: hubble-ui-backend-fips, cert-manager-openshift-routes-fips, certificate-transparency-fips, crossplane-provider-azure-storage, kafka-proxy, neuvector-fips, policy-bot, kiali-fips, knative-storage-migrate-fips, bento, flux-image-automation-controller,...
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: bazelisk, nri-cassandra, rqlite, actions-runner-controller, temporal-server, helm-operator, nats, nri-haproxy, kubernetes-event-exporter, ytt, terraform-docs, kaf, petname, goreleaser, paranoia, vault-k8s, gops, nri-mongodb, kyverno-policy-reporter-kyverno-plugin,...