Lucene search
+L

58 matches found

Vulnrichment
Vulnrichment
added 2026/04/15 9:34 p.m.4 views

CVE-2026-6388 Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...

9.1CVSS5.7AI score0.00357EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/15 9:34 p.m.21 views

CVE-2026-6388 Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...

9.1CVSS0.00357EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 9:34 p.m.23 views

CVE-2026-6388

The CVE describes a vulnerability in ArgoCD Image Updater where a user with rights to create/modify an ImageUpdater in a multi-tenant environment can bypass namespace boundaries due to insufficient validation. This leads to cross-namespace privilege escalation and unauthorized image updates on ap...

9.1CVSS5.7AI score0.00357EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/15 7:30 p.m.9 views

Insufficient Granularity of Access Control

Overview Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in namespace validation for the ImageUpdater resources. An attacker can perform unauthorized image updates on applications in other namespaces by creating or modifying ImageUpdater resources,...

9.1CVSS5.8AI score0.00357EPSS
Exploits0References2
OSV
OSV
added 2026/04/15 7:24 p.m.3 views

CVE-2026-21726 Loki Path Traversal - CVE-2021-36156 Bypass

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...

5.3CVSS6.1AI score0.00409EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/01 6:36 p.m.6 views

EUVD-2026-17995

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

2.3CVSS6AI score0.00248EPSS
Exploits0References3
CVE
CVE
added 2026/02/14 4:27 p.m.32 views

CVE-2026-23189

CVE-2026-23189 concerns a NULL pointer dereference in ceph_mds_auth_match() within the CephFS kernel client. The patch reworks ceph_mdsmap_decode() and namespace_equals() so that ceph_mdsmap contains an extracted FS name (m_fs_name) and the code path uses this value for strict authorization check...

5.5CVSS5.3AI score0.00112EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/01/17 12:32 a.m.8 views

SUSE CVE-2025-14986

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

5.3CVSS6.9AI score0.00415EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/01 8:27 p.m.3 views

CVE-2025-14986

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

5.3CVSS6.8AI score0.00415EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/30 9:30 p.m.5 views

EUVD-2025-205854

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

5.3CVSS6.3AI score0.00415EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/30 9:30 p.m.11 views

Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

5.3CVSS6.9AI score0.00415EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/12/30 9:30 p.m.4 views

GHSA-P2GR-HM8G-Q772 Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

5.3CVSS6.8AI score0.00415EPSS
Exploits0References6
NVD
NVD
added 2025/12/30 9:15 p.m.6 views

CVE-2025-14986

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

5.3CVSS0.00415EPSS
Exploits0References3
OSV
OSV
added 2025/12/30 8:17 p.m.6 views

CVE-2025-14986 ExecuteMultiOperation Namespace Policy Bypass

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

5.3CVSS6.1AI score0.00415EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.6 views

Temporal 安全漏洞

Temporal is a persistent execution platform open-sourced by temporal.io. A security vulnerability exists in Temporal versions 1.24.0 through 1.29.1, which stems from improper namespace validation and could lead to bypassing restrictions or policies...

5.3CVSS6.1AI score0.00415EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.5 views

PT-2025-54224

Name of the Vulnerable Software and Affected Versions Temporal versions 1.24.0 through 1.29.1 Description When the frontend.enableExecuteMultiOperation setting is enabled, the server incorrectly applies namespace-scoped validation and feature gates. Specifically, it uses the Namespace field from ...

5.3CVSS5.4AI score0.00415EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/10/16 6:49 p.m.6 views

CVE-2025-62159

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

8.7CVSS6.7AI score0.00285EPSS
Exploits0References1
NVD
NVD
added 2025/10/10 11:15 p.m.9 views

CVE-2025-62159

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

8.7CVSS0.00285EPSS
Exploits0References1
Snyk
Snyk
added 2025/10/10 10:41 p.m.1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to the resolvers.SecretKeyRef process not being used for namespace validation. An attacker can gain unauthorized access to secrets across namespaces by exploiting the lack of proper namespace checks during secr...

8.7CVSS7AI score0.00285EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/10 10:23 p.m.1 views

CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

8.7CVSS6.5AI score0.00285EPSS
Exploits0References1
Rows per page
Query Builder