Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/04/24 3:14 a.m.31 views

CVE-2026-41068 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...

7.7CVSS0.00266EPSS
Exploits2References2
Snyk
Snyk
added 2026/04/16 9:37 p.m.7 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the apiCall executor. An attacker can obtain sensitive credentials by sending crafted HTTP requests to endpoints controlled by the attacker, causing the automatic forwarding of the ServiceAccount...

9.1CVSS5.8AI score0.0056EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/14 8:9 p.m.6 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the apiCall servicecall helper. An attacker can obtain sensitive service account tokens by crafting a policy that triggers an outbound request without an explicit Authorization...

8.1CVSS5.8AI score0.00289EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/27 6:2 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the context variable evaluation process. An attacker with policy creation privileges can exhaust system memory and disrupt service availability with policies that exponentially...

7.7CVSS5.9AI score0.00531EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/27 6:2 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the context variable evaluation process. An attacker with policy creation privileges can exhaust system memory and disrupt service availability with policies that exponentially...

7.7CVSS5.9AI score0.00531EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/27 6:1 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via apiCall. An attacker can gain unauthorized access to sensitive resources and escalate privileges via malicious urlPath values that cause the system to perform Kubernetes API requests outside the...

9.9CVSS5.9AI score0.00516EPSS
Exploits1References2
Rows per page
Query Builder