
9 matches found

CVE
added 2026/06/10 5:20 p.m., 21 views

CVE-2026-46617

CVE-2026-46617 (Fission) affects Fission runtimes prior to v1.23.0. The runtime pod was created with ServiceAccountName: fission-fetcher, which had namespace-wide get permissions on secrets and configmaps. The automounted token was accessible inside user function containers at /var/run/secrets/ku...

CVSS: 8.7, AI score: 5.5, EPSS: 0.00276
Exploits: 0, References: 3
GitHub Security Blog
added 2026/05/21 8:16 p.m., 26 views

Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read

Summary: Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted namespace-wide get on secrets and configmaps; it needs that to load function code, env vars, and config. The runtime pod's automounted token was reachable from...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00276
Exploits: 0, References: 5, Affected Software: 1
CVE
added 2026/01/21 9:22 p.m., 59 views

CVE-2026-22822

CVE-2026-22822 affects the External Secrets Operator. The root issue is the getSecretKey templating function, which in versions starting from 0.20.2 and prior to 1.2.0 allowed cross‑namespace retrieval of secrets via the controller’s roleBinding, bypassing safeguards. This could lead to unauthori...

CVSS: 9.3, AI score: 5.5, EPSS: 0.00175
Exploits: 0, References: 8, Affected Software: 1
RedhatCVE
added 2025/12/06 6:44 p.m., 6 views

CVE-2025-66623

A flaw was found in Strimzi. This vulnerability allows unauthorized GET access to all Kubernetes (K8s) Secrets that exist in the given Kubernetes (K8s) namespace via incorrect Kubernetes (K8s) Role creation. Mitigation: Mitigation for this issue is either not available or the currently available options...

CVSS: 7.4, AI score: 5.8, EPSS: 0.00178
Exploits: 0, References: 5
OSV
added 2025/11/04 3:43 p.m., 3 views

GHSA-GF93-XCCM-5G6J MARIN3R: Cross-Namespace Vulnerability in the Operator

Summary: Cross-namespace Secret access vulnerability in DiscoveryServiceCertificate allows users to bypass RBAC and access Secrets in unauthorized namespaces. Affected Versions: All versions prior to v0.13.4. Patched Versions: v0.13.4 and later. Impact: Users with permission to create...

CVSS: 8.7, AI score: 6.3, EPSS: 0.00184
Exploits: 0, References: 6
Positive Technologies
added 2025/11/04 12:0 a.m., 4 views

PT-2025-45114

Name of the Vulnerable Software and Affected Versions: MARIN3R versions 0.13.3 and below. Description: MARIN3R, a lightweight, CRD based envoy control plane for kubernetes, contains a flaw where a cross-namespace secret access issue exists in the DiscoveryServiceCertificate component. This allows...

CVSS: 8.7, AI score: 6.4, EPSS: 0.00184
Exploits: 0, References: 12
Snyk
added 2025/03/18 3:17 p.m., 0 views

Improper Privilege Management

Overview: Affected versions of this package are vulnerable to Improper Privilege Management when handling namespace scopes for BMCEventSubscription. A user with namespace level roles can access and manipulate secrets from unauthorized namespaces by creating a BMCEventSubscription in a namespace th...

CVSS: 8.2, AI score: 6.8, EPSS: 0.00169
Exploits: 0, References: 3
CNVD
added 2021/05/28 12:0 a.m., 8 views

Unspecified Vulnerability in KubeVirt

KubeVirt is a virtual machine manager. A security vulnerability exists in KubeVirt versions prior to 0.26.0, which can be exploited by an attacker to read the contents of any secret attached to its namespace...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00746
Exploits: 0, References: 1
CNNVD
added 2021/05/27 12:0 a.m., 5 views

KubeVirt Security Vulnerability

KubeVirt is a virtual machine manager. A security vulnerability exists in KubeVirt versions prior to 0.26.0, which can be exploited by an attacker to read the contents of any secret attached to its namespace...

CVSS: 6.5, AI score: 5.6, EPSS: 0.00746
Exploits: 0, References: 1