Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the JWKS resolver, which can be exposed if a fetch operation fails. An attacker can obtain private keys by forcing such a failure. Note: The keys are exposed even if RequestAuthentication is in use...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the AuthorizeDebugRequest function, which handles requests to the HTTP debug endpoints on port 15014. An attacker can gain unauthorized access to protected services by sending requests with multiple header values...
CLEANSTART-2026-IM73098 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the istio-pilot-discovery package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
CLEANSTART-2026-XB34574 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the istio-pilot-discovery-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
CLEANSTART-2026-BL06950 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the istio-pilot-discovery-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
CLEANSTART-2026-TF52804 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the istio-pilot-discovery-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
CLEANSTART-2026-CK72347 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the istio-pilot-discovery-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
CVE-2022-23635 vulnerabilities
Vulnerabilities for packages: istio-pilot-agent, istio-operator, istio-pilot-discovery, istio-cni...
CVE-2021-39156 vulnerabilities
Vulnerabilities for packages: istio-pilot-agent, istio-operator, istio-pilot-discovery, istio-cni...
GHSA-QCVW-82HH-GQ38 vulnerabilities
Vulnerabilities for packages: istio-pilot-agent, istio-operator, istio-pilot-discovery, istio-cni...
CVE-2022-31045 vulnerabilities
Vulnerabilities for packages: istio-pilot-agent, istio-operator, istio-pilot-discovery, istio-cni...
GHSA-7774-7VR3-CC8J vulnerabilities
Vulnerabilities for packages: istio-pilot-agent, istio-operator, istio-pilot-discovery, istio-cni...
GHSA-XWX5-5C9G-X68X vulnerabilities
Vulnerabilities for packages: istio-pilot-agent, istio-operator, istio-pilot-discovery, istio-cni...
EUVD-2019-11467
Malware in sbrugna...
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: falcoctl, caddy, ko, guac, tekton-chains, policy-controller, vexctl, step-ca, frp, grpc-health-probe, apko, terragrunt, zot, gitsign, kubernetes-dashboard, flux-source-controller, gomplate, kargo, rekor, bank-vaults, argo-workflows, fulcio, dex, nerdctl, dgraph, kots...
CVE-2024-28122 vulnerabilities
Vulnerabilities for packages: minio, minio-fips, external-secrets-fips, falcoctl-fips, falcoctl, mc, falco, spire-server-fips, mc-fips, boring-registry, spire-server, boring-registry-fips, external-secrets-operator...