Lucene search
K

7 matches found

Snyk
Snyk
added 2026/04/16 9:38 p.m.29 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

7.7CVSS5.8AI score0.00329EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/16 9:38 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

7.7CVSS5.8AI score0.00329EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/16 12:31 a.m.5 views

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization due to the serviceAccountRegex matcher in pilot/pkg/security/authz/model/generator.go. An attacker can gain access to workloads protected by AuthorizationPolicy rules by presenting a SPIFFE identity whose namespa...

7.1CVSS5.7AI score0.00209EPSS
Exploits0References3
Oracle linux
Oracle linux
added 2022/11/29 12:0 a.m.54 views

kubernetes security update

kubernetes 1.21.14-3 - Addresses CVE-2022-3294 & CVE-2022-3162 1.21.14-2 - Fixed kubernetes-cni version. 1.21.14-1 - Addresses CVE-2022-3172 olcne 1.4.9-2 - Fix 1.21 kubernetes version to align with last upstream release 1.4.9-1 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21...

10CVSS0.1AI score0.02701EPSS
Exploits2
Oracle linux
Oracle linux
added 2022/07/12 12:0 a.m.155 views

olcne security update

olcne 1.5.4-3 - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over 1.5.4-2 - Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 1.5.4-1 - Upgrade Kubernetes to 1.23.7 1.5.3-1 - Address qemu...

10CVSS8AI score0.02701EPSS
Exploits1
CVE
CVE
added 2022/03/10 8:45 p.m.780 views

CVE-2022-24726

The CVE-2022-24726 entry affects Istio’s control plane (istiod) where a request processing error in the validating webhook, exposed publicly on TLS port 15017, can crash the control plane when a specially crafted message is processed. Affected versions have been patched in Istio releases 1.13.2, ...

7.5CVSS7.6AI score0.01529EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/01/19 9:40 p.m.113 views

CVE-2022-21701

Istio CVE-2022-21701 affects Istio releases 1.12.0 and 1.12.1. The issue is a privilege escalation via the Kubernetes Gateway API: users with CREATE permissions on gateways.gateway.networking.k8s.io can elevate privileges to create resources they wouldn’t normally access (e.g., Pod). Impact is li...

8.8CVSS7AI score0.00767EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder