PT-2026-42687

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description Runtime pods were configured with the fission-fetcher ServiceAccount, which possesses namespace-wide get permissions for secrets and configmaps. Because the service account token was automounted and...

CVE-2026-43391

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces helper...

CVE-2026-43391

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces helper...

CVE-2026-43403

CVE-2026-43403 concerns the Linux kernel nsfs component. The issue arises from insufficient permission checks in ns iteration ioctls, potentially allowing a privileged service to view information from other privileged services and perform information disclosure. Multiple sources (Red Hat, Debian,...

Kyverno is vulnerable to server-side request forgery (SSRF)

Overview Kyverno, versions 1.16.0 to present, contains an SSRF vulnerability in its CEL-based HTTP functions, which lack URL validation or namespace scoping and allow namespaced policies to trigger arbitrary internal HTTP requests. An attacker with only namespace-level permissions can exploit thi...

CVE-2025-13888

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...

CVE-2023-32194

A vulnerability has been identified when granting a create or global role for a resource type of "namespaces"; no matter the API group, the subject will receive permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the...

Permission Manager - A Project That Brings Sanity To Kubernetes RBAC And Users Management, Web UI FTW

Welcome to the Permission Manager! Permission Manager is an application developed by SIGHUP that enables a super-easy and user-friendly RBACmanagement for Kubernetes. If you are looking for a simple and intuitive way of managing your users within a Kubernetes cluster, this is the right place. Wit...

USN-2516-3 linux vulnerabilities

USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in USN-2516-2 was incomplete. There was an unrelated regression in the use of the virtual counter CNTVCT on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw w...