6 matches found
CVE-2026-42876
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...
Malicious code in @bcrumbs.net/bc-chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4bd9ccff2d027c9982ab41ff4b4417e62475e70aba04212794f267030f63ab0 The exported BCChat React component embeds a hardcoded Azure Blob SAS URL https://bcuserres.blob.core.windows.net/anonymous with a long-lived SAS tok...
CVE-2026-42876
External Secrets Operator (ESO) vulnerability where a user with permission to create ExternalSecret resources can trigger creation of a Secret populated with a long‑lived token for a service account, enabling impersonation of that service account in the namespace. This privilege escalation is pos...
ExternalSecrets vulnerable to privilege escalation with secret overwriting
ExternalSecrets allows users to craft Service Account tokens for misconfigured Service Accounts in namespaces the users have access to. Impact A user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populate wi...
Unspecified Vulnerability in FileBrowser
FileBrowser is an open source web file browser . Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser has a security vulnerability that stems from a flaw in the authentication system that can be exploit...
FileBrowser 安全漏洞
FileBrowser is an open source web file browser . Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser has a security vulnerability that stems from a flaw in the authentication system that can be exploit...