33 matches found
[SECURITY] Fedora 43 Update: kubernetes1.32-1.32.10-2.fc43
Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...
Malicious Package
Overview kubernetes-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in kubernetes-agent (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9a4b692caa3f8338714f328c98056f66d6f55d9c20cc04a47b4884dd8cbb9d7 Any computer that has this package installed or running should be considered...
MAL-2025-48697 Malicious code in kubernetes-agent (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9a4b692caa3f8338714f328c98056f66d6f55d9c20cc04a47b4884dd8cbb9d7 Any computer that has this package installed or running should be considered...
EUVD-2020-5617
Malware in sbrugna...
EUVD-2023-59232
Malicious code in bioql PyPI...
EUVD-2024-50095
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-9693
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5...
Linux Distros Unpatched Vulnerability : CVE-2023-7045
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this...
[SECURITY] Fedora 41 Update: kubernetes1.31-1.31.12-1.fc41
Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...
CVE-2023-7045
A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server KAS...
CVE-2020-13358
A vulnerability in the internal Kubernetes agent API in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: =13.4, =13.3, =13.5, 13.5.2...
CVE-2024-9693
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations...
MAL-2024-11209 Malicious code in kubernetes-agent-nfs-watchdog (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db3ebdf02f1505d57c21836cf1054215450cdbd8b35ae587c8fdf1c0c59ac85f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in kubernetes-agent-nfs-watchdog (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db3ebdf02f1505d57c21836cf1054215450cdbd8b35ae587c8fdf1c0c59ac85f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
BIT-GITLAB-2024-9693 Incorrect Authorization in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE, specifically for versions 16.0 to 17.5.2. The vulnerabilities are in multiple versions of GitLab CE/EE and allow malicious actors to gain unauthorized full API access via the Device OAuth flow. This can lead to serious implications for organization...
UBUNTU-CVE-2024-9693
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations...
CVE-2024-9693 Incorrect Authorization in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations...
CVE-2024-9693
CVE-2024-9693 affects GitLab CE/EE: versions 16.0–16.3.x up to 17.3.7, 17.4 up to 17.4.3, and 17.5 up to 17.5.1 are vulnerable to an unauthorized access issue targeting the Kubernetes agent in certain cluster configurations. The root cause is an incorrect/insufficient authorization flow that coul...