Lucene search
+L

45 matches found

wolfi
wolfi
added 2026/07/02 8:21 p.m.16 views

CVE-2024-7598 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, rancher-system-agent...

3.1CVSS6.2AI score0.00301EPSS
Exploits0
wolfi
wolfi
added 2026/07/02 8:21 p.m.18 views

GHSA-R56H-J38W-HRQQ vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, rancher-system-agent...

6.1AI score
Exploits0
vulnrichment
vulnrichment
added 2026/05/28 4:41 p.m.9 views

CVE-2026-44543 Local Path Provisioner: HelperPod Template Injection

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References1
github
github
added 2026/05/11 4:15 p.m.10 views

Local Path Provisioner Vulnerable to HelperPod Template Injection

Impact A malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-path-provisioner. The helperPod.yaml template is loaded by the provisioner and used to create HelperPods during PVC...

8.7CVSS6AI score0.00368EPSS
Exploits0References3Affected Software1
github
github
added 2026/01/06 6:0 p.m.23 views

Bypassing Kyverno Policies via Double Policy Exceptions

Summary If a cluster has a Kyverno policy in enforce mode and there are two exceptions, this allows the policy to be bypassed, even if the first exception is more restrictive than the second. Details The following policy was applied: yaml apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata:...

7AI score
Exploits0References2Affected Software1
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0865

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.00217EPSS
Exploits0References9
redhat
redhat
added 2025/09/23 3:24 p.m.6 views

podman: Podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

8.1CVSS5.8AI score0.01008EPSS
Exploits0References6
nessus
nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-43816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since...

9.1CVSS7.1AI score0.0169EPSS
Exploits1References2
nvd
nvd
added 2024/12/31 3:15 a.m.16 views

CVE-2024-45497

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...

7.6CVSS0.00548EPSS
Exploits0References9
wolfi
wolfi
added 2024/07/18 9:30 p.m.9 views

GHSA-82M2-CV7P-4M75 vulnerabilities

Vulnerabilities for packages: spark-operator, argocd-image-updater, local-static-provisioner, cri-tools, aws-efs-csi-driver, kubernetes-dns-node-cache, nodetaint, kubeflow-pipelines, k8s-device-plugin, kubernetes-csi-driver-hostpath, ip-masq-agent...

6.1AI score
Exploits0
wolfi
wolfi
added 2024/07/18 7:15 p.m.21 views

CVE-2024-5321 vulnerabilities

Vulnerabilities for packages: spark-operator, argocd-image-updater, local-static-provisioner, cri-tools, aws-efs-csi-driver, kubernetes-dns-node-cache, nodetaint, kubeflow-pipelines, k8s-device-plugin, kubernetes-csi-driver-hostpath, ip-masq-agent...

6.1CVSS6.7AI score0.00312EPSS
Exploits0
osv
osv
added 2024/07/01 11:18 a.m.19 views

BIT-HUBBLE-UI-2023-27593

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary...

5.5CVSS5.3AI score0.00217EPSS
Exploits0References6
osv
osv
added 2024/07/01 11:13 a.m.54 views

BIT-CILIUM-PROXY-2023-27593

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary...

5.5CVSS5.3AI score0.00217EPSS
Exploits0References6
osv
osv
added 2024/05/24 7:23 p.m.10 views

BIT-HUBBLE-RELAY-2023-27593 cilium-agent container can access the host via `hostPath` mount

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary...

5.5CVSS4.9AI score0.00217EPSS
Exploits0References7
osv
osv
added 2024/05/15 12:8 p.m.52 views

BIT-CILIUM-OPERATOR-2023-27593 cilium-agent container can access the host via `hostPath` mount

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary...

5.5CVSS4.9AI score0.00217EPSS
Exploits0References7
oraclelinux
oraclelinux
added 2024/04/02 12:0 a.m.37 views

olcne security update

1.8.1-2 - Cleanup spec file 1.8.1-1 - Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing - Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator - Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture -...

5.3CVSS5.4AI score0.01208EPSS
Exploits0
nvd
nvd
added 2023/03/17 8:15 p.m.37 views

CVE-2023-27593

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary...

5.5CVSS4.9AI score0.00217EPSS
Exploits0References6
cvelist
cvelist
added 2023/03/17 7:51 p.m.38 views

CVE-2023-27593 cilium-agent container can access the host via `hostPath` mount

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary...

4.4CVSS5.7AI score0.00217EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2023/03/17 7:51 p.m.7 views

CVE-2023-27593 cilium-agent container can access the host via `hostPath` mount

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary...

4.4CVSS5.5AI score0.00217EPSS
Exploits0References6
osv
osv
added 2023/03/17 6:20 p.m.13 views

GHSA-4HC4-PGFX-3MRX cilium-agent container can access the host via `hostPath` mount

Impact An attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary with their own malicious binary and waiting for the creation of a new pod on the node, the attacker can gain access to the...

4.4CVSS5.3AI score0.00217EPSS
Exploits0References8
Rows per page
Query Builder