4 matches found
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via httprequester.go and httpdownloader.go. An attacker can access internal network resources and exfiltrate sensitive data by crafting malicious promotion templates or Promotion resources that trigger...
CVE-2025-68156 vulnerabilities
Vulnerabilities for packages: kserve, k8sgateway, grafana-alloy, opentelemetry-collector-contrib, kine, keda, vale, tempo, argo-rollouts, argo-cd, datadog-agent, k8sgpt, k3s, jaeger, splunk-otel-collector, kubeflow-pipelines, kargo, argo-workflows, coredns, nats, verticadb-operator,...
GHSA-CFPF-HRX2-8RV6 vulnerabilities
Vulnerabilities for packages: kserve, k8sgateway, grafana-alloy, opentelemetry-collector-contrib, kine, keda, vale, tempo, argo-rollouts, argo-cd, datadog-agent, k8sgpt, k3s, jaeger, splunk-otel-collector, kubeflow-pipelines, kargo, argo-workflows, coredns, nats, verticadb-operator,...
GHSA-CFPF-HRX2-8RV6 vulnerabilities
Vulnerabilities for packages: nrdot-collector-k8s, kubeflow-pipelines, kserve, argo-workflows-fips, jaeger, amazon-cloudwatch-agent, eks-distro, argo-rollouts, grafana-alloy-fips, opentelemetry-collector, keda-fips, opentelemetry-collector-contrib-fips, k3s, k8sgpt, opentelemetry-collector-contri...