Lucene search
+L

43 matches found

Wolfi
Wolfi
added 2026/06/26 8:22 p.m.10 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-sql, kubernetes-dashboard, age, kaf, gomplate, slsa-verifier, buildah, act, argo-events, cosign, docker-machine-driver-harvester, gptscript, nuclei, rancher, gatus, zot, cluster-api-azure-controller, grype, kubernetes, cloud-provider-aws,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/04/03 7:17 p.m.10 views

CVE-2026-34986 vulnerabilities

Vulnerabilities for packages: fulcio, telegraf, terraform-provider-acme, k3d, task-fips, commercial-chainloop-backend, vault, gatus, goreleaser, seaweedfs-operator, beats-fips, omni-fips, crossplane-provider-gcp-fips, grype-db, ksops, percona-server-mongodb-operator-fips, k3s, falcosidekick,...

7.5CVSS6.4AI score0.00651EPSS
Exploits0
Wolfi
Wolfi
added 2026/02/26 7:48 p.m.11 views

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-sql, crossplane-provider-aws-sns, gomplate, gptscript, cluster-api, argo-events, nuclei, terraform-provider-pagerduty, zot, grype, pulumi-language-java, cilium-cli, helm-push, sops, witness, pulumi-language-yaml,...

9.8CVSS6.3AI score0.00397EPSS
Exploits0
Wolfi
Wolfi
added 2026/02/26 7:48 p.m.9 views

GHSA-Q9HV-HPM4-HJ6X vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-sql, crossplane-provider-aws-sns, gomplate, gptscript, cluster-api, argo-events, nuclei, terraform-provider-pagerduty, zot, grype, pulumi-language-java, cilium-cli, helm-push, sops, witness, pulumi-language-yaml,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/02/26 7:17 p.m.10 views

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-ec2, flux-fips, crossplane-provider-aws-cloudformation, terraform-provider-azurerm-fips, gomplate-fips, docker, helm, flux-image-automation-controller-fips, tfsec, aactl, cerbos, crossplane-provider-aws-ecr-fips, image-factory, osv-scanner, q,...

9.8CVSS6.3AI score0.00397EPSS
Exploits0
OSV
OSV
added 2025/12/02 5:36 p.m.5 views

BIT-FLUX-2022-24878 Improper path handling in Kustomization files allows for denial of service

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...

7.7CVSS6.6AI score0.0095EPSS
Exploits0References2
OSV
OSV
added 2025/12/02 5:36 p.m.6 views

BIT-FLUX-2022-24877 Improper path handling in kustomization files allows path traversal

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

9.9CVSS7AI score0.01108EPSS
Exploits0References2
OSV
OSV
added 2025/12/02 5:36 p.m.6 views

BIT-FLUX-2022-24817 Improper kubeconfig validation allows arbitrary code execution

Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...

9.9CVSS7.3AI score0.01044EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3043

Malicious code in bioql PyPI...

7.7CVSS6.8AI score0.0095EPSS
Exploits0References3
Chainguard
Chainguard
added 2025/08/09 1:17 p.m.71 views

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: fulcio, grafana-rollout-operator, telegraf, k3d, newrelic-fluent-bit-output, kubernetes-dashboard-metrics-scraper-fips, helm, cloud-provider-azure, cert-exporter, kubernetes-dashboard-api-fips, nfs-subdir-external-provisioner, external-dns-fips, vault, gatus,...

5.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 9:42 p.m.10 views

CVE-2022-24877

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

9.9CVSS6.8AI score0.01108EPSS
Exploits0References1
Chainguard
Chainguard
added 2024/12/18 6:23 p.m.7 views

GHSA-32GQ-X56H-299C vulnerabilities

Vulnerabilities for packages: chezmoi, flux-kustomize-controller, ksops, flux-kustomize-controller-fips, age-fips, sops-fips, age, grafana-fips, sops, litestream, grafana...

5.3AI score
Exploits0
OSV
OSV
added 2024/08/21 2:30 p.m.13 views

GO-2022-0260 Privilege escalation to cluster admin on multi-tenant environments in github.com/fluxcd/kustomize-controller

Privilege escalation to cluster admin on multi-tenant environments in github.com/fluxcd/kustomize-controller...

9CVSS8.8AI score0.01766EPSS
Exploits1References2
Wolfi
Wolfi
added 2024/06/11 5:16 p.m.115 views

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: pulumi, rclone, step, flux, grafana-agent-operator, timestamp-authority, datadog-agent, bank-vaults, tempo, airflow, hugo, trivy, fluent-bit-plugin-loki, cosign, argo-events, nuclei, opentelemetry-collector-contrib, restic, harbor-registry, zot, boring-registry, flyt...

5.5CVSS6.1AI score0.00788EPSS
Exploits0
OSV
OSV
added 2024/03/06 10:55 a.m.18 views

BIT-KUSTOMIZE-2022-24877 Improper path handling in kustomization files allows path traversal

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

9.9CVSS9AI score0.01108EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:55 a.m.21 views

BIT-KUSTOMIZE-2022-24878 Improper path handling in Kustomization files allows for denial of service

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...

7.7CVSS6.4AI score0.0095EPSS
Exploits0References2
Chainguard
Chainguard
added 2024/03/05 11:15 p.m.80 views

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: fulcio, k3d, kubernetes-dashboard-metrics-scraper-fips, helm, cert-exporter, nfs-subdir-external-provisioner, osv-scanner, external-dns-fips, goreleaser, kuberay-operator, metrics-server-fips, falco, kwok, k3s, falcosidekick, kube-bench-fips, kubernetes-dns-node-cach...

7.5CVSS6.2AI score0.01262EPSS
Exploits0
Chainguard
Chainguard
added 2023/10/25 9:17 p.m.84 views

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: timestamp-authority-fips, k3d, kiam, cluster-autoscaler-fips, terraform-provider-sendgrid, up, prometheus-adapter-fips, aactl, kube-oidc-proxy, src, kubeflow, scorecard, aws-efs-csi-driver-fips, kubernetes-csi-livenessprobe-fips, kubevela, prometheus-blackbox-exporte...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2023/10/10 9:28 p.m.46 views

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: kaf, hugo, terraform-provider-sendgrid, gomplate, grpcurl, slsa-verifier, cosign, dgraph, hey, grype, kpt, nginx-stable, nats, pulumi-language-java, coredns, nodetaint, pulumi-language-yaml, ip-masq-agent, kubewatch, prometheus-adapter, metacontroller, aactl, ollama,...

5.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/20 4:58 p.m.29 views

Improper path handling in Kustomization files allows for denial of service

The kustomize-controller enables the use of Kustomize’s functionality when applying Kubernetes declarative state onto a cluster. A malicious user can use a specially crafted kustomization.yaml to cause Denial of Service at controller level. In multi-tenancy deployments this can lead to multiple...

7.7CVSS0.8AI score0.0095EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder