Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/05/13 8:4 a.m.41 views

CVE-2026-41050 Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo...

9.9CVSS0.00379EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 8:4 a.m.25 views

CVE-2026-41050

CVE-2026-41050 describes a multi-tenant isolation failure in Fleet’s Helm deployer where ServiceAccount impersonation was not consistently applied in two code paths, causing the Helm template engine to run Kubernetes API queries and read Secret/ConfigMap references with the fleet-agent’s cluster-...

9.9CVSS5.9AI score0.00379EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 8:4 a.m.10 views

CVE-2026-41050 Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo...

9.9CVSS5.9AI score0.00379EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 1:26 a.m.6 views

GHSA-765J-QFRP-HM3J Fleet: Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

Impact Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo. Helm lookup bypass: The Helm template...

9.9CVSS5.8AI score0.00379EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/07 1:26 a.m.12 views

Fleet: Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

Impact Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo. Helm lookup bypass: The Helm template...

9.9CVSS5.8AI score0.00379EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder