Lucene search
K

38 matches found

Wolfi
Wolfi
added 2026/06/26 8:22 p.m.8 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: snyk-cli, chisel, pulumi-language-yaml, terragrunt, crossplane-provider-aws-s3, ksops, crossplane-provider-aws-eks, crossplane-provider-aws-kms, gomplate, src, wolfictl, caddy, crossplane-provider-aws-lambda, crossplane-provider-aws-dynamodb, fulcio, docker-compose,...

6.1AI score
Exploits0
Snyk
Snyk
added 2026/05/21 8:33 p.m.4 views

Incorrect Authorization

Overview mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl Affected versions of this package are vulnerable to Incorrect Authorization through the CallTool handler in src/index.ts. An attacker can invoke disallowed Kubernetes tools and perform destructive...

8.8CVSS5.9AI score0.00376EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/21 8:33 p.m.17 views

MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement

Summary mcp-server-kubernetes exposes three environment variables ALLOWONLYREADONLYTOOLS, ALLOWONLYNONDESTRUCTIVETOOLS, ALLOWEDTOOLS documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer tools/list but not ...

8.8CVSS6AI score0.00376EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/21 8:33 p.m.6 views

GHSA-CR22-WJX7-2W6M MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement

Summary mcp-server-kubernetes exposes three environment variables ALLOWONLYREADONLYTOOLS, ALLOWONLYNONDESTRUCTIVETOOLS, ALLOWEDTOOLS documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer tools/list but not ...

8.8CVSS6AI score0.00376EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.17 views

PT-2026-42619

Summary mcp-server-kubernetes exposes three environment variables ALLOW ONLY READONLY TOOLS, ALLOW ONLY NON DESTRUCTIVE TOOLS, ALLOWED TOOLS documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer tools/list...

8.8CVSS6AI score
Exploits0References3
Chainguard
Chainguard
added 2026/04/17 7:17 p.m.7 views

CVE-2026-35469 vulnerabilities

Vulnerabilities for packages: kubevela, zarf-fips, k8sgpt-operator, terraform-provider-kubernetes-fips, eck-operator-fips, trident-fips, rancher, terraform-provider-kubernetes, k9s-fips, cert-manager-istio-csr, argocd-image-updater, kcp-fips, redis-operator-fips, trivy-fips, sonobuoy-fips,...

8.7CVSS6.1AI score0.00656EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.9 views

GHSA-5W89-2C2X-6X66 vulnerabilities

Vulnerabilities for packages: gcp-compute-persistent-disk-csi-driver, configmap-reload, croc, nri-cassandra, mockery, nri-memcached, go-jsonnet, k8ssandra-operator, openbao-k8s, authservice, velero-plugin-for-microsoft-azure, neuvector-dbgen, renovate, telegraf, cluster-autoscaler, manifest-tool,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.8 views

GHSA-GJVH-7JH8-7XHM vulnerabilities

Vulnerabilities for packages: gcp-compute-persistent-disk-csi-driver, configmap-reload, croc, mockery, k8ssandra-operator, openbao-k8s, authservice, neuvector-dbgen, telegraf, cluster-autoscaler, manifest-tool, kube-arangodb, mountpoint-s3-csi-driver, terraform-provider-aws, azure-service-operato...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/03/31 7:48 a.m.21 views

CVE-2026-33762 vulnerabilities

Vulnerabilities for packages: snyk-cli, pulumi-language-yaml, trufflehog, crossplane, rancher-fleet, kubescape, xeol, flux-source-controller, flux-image-automation-controller, nuclei, gomplate, wolfictl, gitaly, scorecard, apko, external-secrets-operator, grafana, grafana-alloy, melange, nfpm,...

2.8CVSS6.1AI score0.00153EPSS
Exploits0
Chainguard
Chainguard
added 2026/03/10 1:17 p.m.8 views

CVE-2026-27139 vulnerabilities

Vulnerabilities for packages: packer-fips, terraform-provider-pagerduty-fips, gcp-compute-persistent-disk-csi-driver-fips, kube-fluentd-operator, langfuse-fips, prometheus-elasticsearch-exporter-fips, sbom-scorecard, redpanda, eck-operator-fips, policy-bot, ipfs-cluster-fips, minc,...

2.5CVSS6.7AI score0.00201EPSS
Exploits0
Chainguard
Chainguard
added 2025/12/07 7:17 p.m.18 views

CVE-2025-61727 vulnerabilities

Vulnerabilities for packages: gcp-compute-persistent-disk-csi-driver-fips, kube-fluentd-operator, eck-operator-fips, pulumi-kubernetes-operator, grafana-pyroscope, grpcurl-fips, nvidia-nsight-compute-13.1, whereabouts-fips, crossplane-provider-sql-fips, dataplaneapi-fips, promxy-fips,...

6.5CVSS6.8AI score0.00274EPSS
Exploits0
Wolfi
Wolfi
added 2025/11/02 2:17 p.m.9 views

CVE-2025-58187 vulnerabilities

Vulnerabilities for packages: gcp-compute-persistent-disk-csi-driver, configmap-reload, mockery, distribution, openbao-k8s, velero-plugin-for-microsoft-azure, neuvector-dbgen, renovate, telegraf, cluster-autoscaler, manifest-tool, wuzz, pulumi-language-java, aws-node-termination-handler, gobump,...

7.5CVSS6.7AI score0.00384EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-15127

Malware in sbrugna...

7.8CVSS7.4AI score0.0228EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-18811

Malware in sbrugna...

7.8CVSS7.2AI score0.01998EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/01 1:50 a.m.4 views

Malicious code in vscode-kubernetes-tools (npm)

The package communicates with a domain associated with malicious activity...

7AI score
Exploits0
OSV
OSV
added 2025/08/01 1:50 a.m.3 views

MAL-2025-6779 Malicious code in vscode-kubernetes-tools (npm)

The package communicates with a domain associated with malicious activity...

7.1AI score
Exploits0
OSV
OSV
added 2025/07/08 8:47 p.m.5 views

GHSA-GJV4-GHM7-Q58Q MCP Server Kubernetes vulnerable to command injection in several tools

Summary A command injection vulnerability exists in the mcp-server-kubernetes MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to childprocess.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to...

7.5CVSS8.4AI score0.08088EPSS
Exploits0References7
Chainguard
Chainguard
added 2025/06/14 1:15 p.m.18 views

GHSA-6F52-WPX2-HVF2 vulnerabilities

Vulnerabilities for packages: gcp-compute-persistent-disk-csi-driver-fips, kube-fluentd-operator, prometheus-elasticsearch-exporter-fips, sbom-scorecard, eck-operator-fips, esbuild, spire-server, spire-controller-manager-fips, temporal-server-fips, chart-testing, grafana-pyroscope, tflint,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2024/12/18 9:15 p.m.130 views

CVE-2024-45338 vulnerabilities

Vulnerabilities for packages: gcp-compute-persistent-disk-csi-driver, croc, crossplane-provider-aws-s3, crossplane-provider-aws-eks, src, distribution, k8ssandra-operator, openbao-k8s, thanos, authservice, velero-plugin-for-microsoft-azure, docker-compose, crossplane-provider-aws,...

5.3CVSS6.7AI score0.00874EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/03/31 2:16 a.m.5 views

Malicious code in k8s-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ccbda1c33a268bb1641ff4dc9ed60a84c28d96d167768dc09e6258fb96d697c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Rows per page
Query Builder