Lucene search
K

4 matches found

EUVD
EUVD
added 2026/05/14 4:20 p.m.11 views

EUVD-2026-30331

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/07 2:34 a.m.9 views

Missing Origin Validation in WebSockets

Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via inadequate validation of the Origin header during WebSocket connection upgrades. An attacker can gain unauthorized access to sensitive log data by convincing an authenticated user to visit a...

6.9CVSS5.8AI score0.0017EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/07 2:34 a.m.19 views

Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users

Summary Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to the user's dashboard and read their Kubernetes logs in real time. Thi...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.21 views

PT-2026-38411

Name of the Vulnerable Software and Affected Versions Kubetail Dashboard versions prior to 0.14.0 Kubetail Helm Chart versions prior to 0.23.0 Kubetail CLI versions prior to 0.16.0 Description Kubetail's dashboard exposes WebSocket endpoints that do not adequately validate the Origin header durin...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References6
Rows per page
Query Builder