16 matches found
CVE-2026-29955
The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...
EUVD-2026-22037
The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...
CVE-2026-29955
The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...
CVE-2026-29955
CVE-2026-29955 affects KubePlus 4.14 (kubeconfiggenerator) /registercrd. The root cause is command injection via an unsanitized chartName that is directly concatenated into a shell command executed with subprocess.Popen(shell=True). This can allow arbitrary shell commands to be executed if a mali...
PT-2026-32490
Name of the Vulnerable Software and Affected Versions KubePlus version 4.14 Description The '/registercrd' endpoint in the kubeconfiggenerator component is susceptible to command injection. The issue occurs because the component utilizes the subprocess.Popen function with the shell=True parameter...
CVE-2026-29955
The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...
KubePlus 安全漏洞
KubePlus is an open-source Kubernetes multi-tenant application management platform developed by cloud-ark. Version 4.14 of KubePlus contains a security vulnerability. This vulnerability stems from the /registercrd endpoint in the kubeconfiggenerator component, which fails to clean up or validate...
CVE-2026-29955
The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...
CVE-2026-29954
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to...
EUVD-2026-17133
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to...
CVE-2026-29954
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to...
CVE-2026-29954
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator are affected by an SSRF vulnerability via the chartURL field of ResourceComposition resources. The field is only URL-encoded, with no validation of the target address. More critically, kubeconfiggenerator concatenates the chartURL di...
CVE-2026-29954
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to...
KubePlus 安全漏洞
KubePlus is a Kubernetes multi-tenant application management platform developed by cloud-ark. KubePlus 4.1.4 contains security vulnerabilities, which stem from server-side request forgery and command injection during the processing of the chartURL field by the mutating webhook and...
CVE-2026-29954
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to...
CVE-2026-29954
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to...