SUSE CVE-2025-62714

Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not...

GO-2025-4072 Karmada Dashboard API Unauthorized Access Vulnerability in github.com/karmada-io/dashboard

Karmada Dashboard API Unauthorized Access Vulnerability in github.com/karmada-io/dashboard...

CVE-2025-62714

Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not...

Karmada Dashboard 安全漏洞

Karmada Dashboard is a web user interface from karmada-io open source. A security vulnerability exists in versions of Karmada Dashboard prior to 0.2.0 that stems from a back-end API endpoint that does not enforce authentication, which could lead to unauthenticated users accessing sensitive cluste...

CVE-2025-62714

Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not...

CVE-2025-62714 Karmada Dashboard API Unauthorized Access Vulnerability

Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not...

CVE-2025-62714 Karmada Dashboard API Unauthorized Access Vulnerability

Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not...

CVE-2025-62714 Karmada Dashboard API Unauthorized Access Vulnerability

Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not...

EUVD-2025-35859

Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not...

CVE-2025-62714

Karmada Dashboard had an API authentication bypass before v0.2.0. The backend endpoints (e.g., /api/v1/secret, /api/v1/service) did not enforce authentication, allowing unauthenticated users to access sensitive cluster data (Secrets and Services) directly, even though the web UI required a JWT. A...

GHSA-5QJG-9MJH-4R92 Karmada Dashboard API Unauthorized Access Vulnerability

Impact This is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not enforce authentication, allowing unauthenticated users to access sensitive cluster information such as Secrets and Services directly. Althoug...

PT-2025-43651

Name of the Vulnerable Software and Affected Versions Karmada Dashboard versions prior to 0.2.0 Description The Karmada Dashboard, a web-based control panel for the Karmada multi-cluster management project, contains an authentication bypass. Backend API endpoints, such as /api/v1/secret and...

EUVD-2025-0035

Malicious code in bioql PyPI...

EUVD-2025-0023

Malicious code in bioql PyPI...

CVE-2024-56514

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resourc...

CVE-2024-56513

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the karmadactl register command have excessive privileges to access control plane resources...

CVE-2024-33396

An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component...

Privilege Escalation

github.com/karmada-io/karmada is vulnerable to Privilege Escalation. The vulnerability is due to pull mode clusters being registered with excessive access to control plane resources via the karmadactl register command, allowing them excessive privileges to control plane resources...

SUSE CVE-2024-56513

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the karmadactl register command have excessive privileges to access control plane resources...

SUSE CVE-2024-56514

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resourc...