Source: RedhatCVE (added 2025/04/26 12:1 a.m., 7 views)

CVE-2025-32963

MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...

CVSS 6.9, AI score 6.8, EPSS 0.0054, Exploits 0, References 1
Source: NVD (added 2025/04/22 6:16 p.m., 11 views)

CVE-2025-32963

MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...

CVSS 6.9, EPSS 0.0054, Exploits 0, References 3
Source: CVE (added 2025/04/22 5:14 p.m., 76 views)

CVE-2025-32963

MinIO Operator STS (Kubernetes IAM) flaw: before v7.1.0, the spec.audiences default could be the Kubernetes API server, allowing replay to internal systems. Root cause: unscoped audiences enable trust beyond intended scope. Impact: tokens could be replayed to other components; mitigated only by p...

CVSS 6.9, AI score 6.5, EPSS 0.0054, Exploits 0, References 3
Source: Cvelist (added 2025/04/22 5:14 p.m., 25 views)

CVE-2025-32963 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS

MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...

CVSS 6.9, EPSS 0.0054, Exploits 0, References 3