4 matches found
CVE-2026-33022
A denial of service flaw was found in Tekton Pipelines. Any user who can create a TaskRun or PipelineRun to crash the controller cluster-wide by setting .spec.taskRef.resolver or .spec.pipelineRef.resolver to a string of 31+ characters. The crash occurs because GenerateDeterministicNameFromSpec...
CVE-2026-33022
CVE-2026-33022 (Tekton Pipelines) causes a denial-of-service by allowing any user who can create a TaskRun or PipelineRun to crash the controller cluster-wide when .spec.taskRef.resolver or .spec.pipelineRef.resolver is set to a 31+ character string. The crash stems from GenerateDeterministicName...
CVE-2026-33022 Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or...
CVE-2026-33022 Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or...