43 matches found
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: aactl, k9s, tflint, gitlab-kas, neuvector-sigstore-interface, syft, kubescape, kubernetes-dashboard, minio, buildah, podman, eksctl, knative-serving, pulumi-language-dotnet, caddy, flux-kustomize-controller, istio, dagger, k8sgpt, nuclei, rancher-agent,...
CVE-2026-34986 vulnerabilities
Vulnerabilities for packages: bento-fips, kube-arangodb-fips, task-fips, cilium, grafana-mimir, vault-secrets-webhook, harbor-registry, dex, grafana-mimir-fips, kube-arangodb, vault-secrets-operator, trivy-fips, neuvector-fips, zot, peerdb-flow, kaniko-fips, sqlexporter, neuvector-scanner-fips,...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: aactl, k9s, cert-manager-cmctl, syft, kubescape, cluster-api, pulumi-language-dotnet, flux-kustomize-controller, crossplane-provider-keycloak, dagger, nuclei, crossplane-provider-family-azure, crossplane-provider-aws-memorydb, gptscript, osv-scanner, vcluster,...
GHSA-Q9HV-HPM4-HJ6X vulnerabilities
Vulnerabilities for packages: aactl, k9s, cert-manager-cmctl, syft, kubescape, cluster-api, pulumi-language-dotnet, flux-kustomize-controller, crossplane-provider-keycloak, dagger, nuclei, crossplane-provider-family-azure, crossplane-provider-aws-memorydb, gptscript, osv-scanner, vcluster,...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: src-fingerprint, hydra-fips, terraform-fips, crossplane-provider-keycloak, flux-source-controller-fips, crossplane-provider-aws-cloudfront, kots, gitness, xeol-fips, dagger, crossplane-provider-aws-ecr, rancher-fleet, cilium-cli, flux, helm-diff-fips,...
BIT-FLUX-2022-24878 Improper path handling in Kustomization files allows for denial of service
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...
BIT-FLUX-2022-24877 Improper path handling in kustomization files allows path traversal
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...
BIT-FLUX-2022-24817 Improper kubeconfig validation allows arbitrary code execution
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...
EUVD-2022-3043
Malicious code in bioql PyPI...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: grafana-rollout-operator, harbor-scanner-trivy-fips, neuvector-dbgen, x509-certificate-exporter-fips, local-static-provisioner, buf, vgpu-util, kube-arangodb-fips, gofumpt, flux, mods, git-lfs-fips, cilium, jaeger-operator-fips, docker-machine-driver-harvester,...
CVE-2022-24877
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...
GHSA-32GQ-X56H-299C vulnerabilities
Vulnerabilities for packages: age-fips, ksops, age, flux-kustomize-controller-fips, sops, flux-kustomize-controller, grafana-fips, chezmoi, litestream, sops-fips, grafana...
GO-2022-0260 Privilege escalation to cluster admin on multi-tenant environments in github.com/fluxcd/kustomize-controller
Privilege escalation to cluster admin on multi-tenant environments in github.com/fluxcd/kustomize-controller...
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: fulcio, bank-vaults, external-dns, grafana-agent-operator, rclone, tempo, py3-cassandra-medusa, hugo-extended, flyte, kubescape, flux-source-controller, hugo, chezmoi, grafana-mimir, policy-controller, opentelemetry-collector, cosign, flux-image-reflector-controller,...
BIT-KUSTOMIZE-2022-24877 Improper path handling in kustomization files allows path traversal
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...
BIT-KUSTOMIZE-2022-24878 Improper path handling in Kustomization files allows for denial of service
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: kubernetes-event-exporter, stakater-reloader, buf, kubernetes-dashboard-fips, flux, cilium, flux-image-reflector-controller, dex, kubeflow-katib, prometheus-node-exporter, aws-ebs-csi-driver, gh, zot, metacontroller, gcsfuse, cass-operator, terraform-provider-sendgri...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: smarter-device-manager-fips, prometheus-stackdriver-exporter, aactl, volume-modifier-for-k8s-fips, terraform-provider-sendgrid, terraform-provider-sendgrid-fips, cortex, kubernetes-csi-livenessprobe, kubeflow, bank-vaults-fips, cluster-autoscaler-fips, conftest-fips,...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: aactl, src, dgraph, kubescape, secrets-store-csi-driver, hugo, nginx-stable, minio, cortex, pulumi-language-dotnet, flux-kustomize-controller, wireguard-go, gobuster, nri-prometheus, buildkitd, ip-masq-agent, newrelic-infrastructure-agent, terraform-provider-azurerm,...
Improper path handling in Kustomization files allows for denial of service
The kustomize-controller enables the use of Kustomize’s functionality when applying Kubernetes declarative state onto a cluster. A malicious user can use a specially crafted kustomization.yaml to cause Denial of Service at controller level. In multi-tenancy deployments this can lead to multiple...