Lucene search
K

6 matches found

OSV
OSV
added 2022/05/16 6:13 p.m.20 views

GHSA-VVMQ-FWMG-2GJC Improper kubeconfig validation allows arbitrary code execution

Flux2 can reconcile the state of a remote cluster when provided with a kubeconfig with the correct access rights. Kubeconfig files can define commands to be executed to generate on-demand authentication tokens. A malicious user with write access to a Flux source or direct access to the target...

9.9CVSS10AI score0.01044EPSS
Exploits0References3
NVD
NVD
added 2021/11/17 7:15 p.m.15 views

CVE-2021-43979

Styra Open Policy Agent OPA Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish...

5.3CVSS0.01018EPSS
Exploits0References2
OSV
OSV
added 2021/11/17 7:15 p.m.5 views

CVE-2021-43979

Styra Open Policy Agent OPA Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish...

5.3CVSS5.3AI score
Exploits0References2
Prion
Prion
added 2021/11/17 7:15 p.m.19 views

Design/Logic Flaw

DISPUTED Styra Open Policy Agent OPA Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication t...

5CVSS5.3AI score0.01018EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/11/17 6:26 p.m.24 views

CVE-2021-43979

Styra Open Policy Agent OPA Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish...

5.6AI score0.01018EPSS
Exploits0References2
CVE
CVE
added 2021/11/17 6:26 p.m.43 views

CVE-2021-43979

CVE-2021-43979 affects Styra Open Policy Agent (OPA) Gatekeeper up to version 3.7.0. The issue stems from mishandled concurrency during data replication, where OPA/Gatekeeper does not wait for replication to finish before processing requests. This can cause inconsistencies between replicated reso...

5.3CVSS5.2AI score0.01018EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder