8 matches found
GHSA-CXH2-4639-VMC5 OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth
Affected Repository: github.com/open-telemetry/opentelemetry-operator Component: cmd/otel-allocator TargetAllocator Companion: Prometheus Operator API types CRDs Summary OpenTelemetry Operator's TargetAllocator watches ServiceMonitor resources via the Prometheus Operator CR watcher and converts...
CVE-2026-40898 vulnerabilities
Vulnerabilities for packages: dkron, spegel, kubernetes-dns-node-cache, teleport, q, kyverno-policy-reporter-ui, kubo, frp, kyverno-policy-reporter, kube-metrics-adapter, ipfs-cluster, jitsucom-bulker, k8sgateway, kargo, coredns, opentelemetry-operator, k3s, traefik, prometheus-blackbox-exporter...
CVE-2026-44903 vulnerabilities
Vulnerabilities for packages: node-problem-detector, prometheus, datadog-agent, karma, minio, mc, jaeger, prometheus-pushgateway, keda, istio, trillian, cloud-sql-proxy, fluent-bit-plugin-loki, metrics-server, tempo, amazon-cloudwatch-agent-operator, loki, minio-object-browser,...
CVE-2026-25518 vulnerabilities
Vulnerabilities for packages: cert-manager-google-cas-issuer, cert-manager-istio-csr-fips, cert-manager-google-cas-issuer-fips, cert-manager-csi-driver-fips, percona-server-mongodb-operator, percona-xtradb-cluster-operator-fips, opentelemetry-operator-fips, aws-privateca-issuer-fips,...
CVE-2026-25518 vulnerabilities
Vulnerabilities for packages: cert-manager-csi-driver, mariadb-operator, aws-privateca-issuer, cert-manager-webhook-pdns, opentelemetry-operator, cert-manager-cmctl, percona-server-mongodb-operator, cert-manager-istio-csr, step-issuer...
GHSA-GX3X-VQ4P-MHHV vulnerabilities
Vulnerabilities for packages: cert-manager-csi-driver, mariadb-operator, aws-privateca-issuer, cert-manager-webhook-pdns, opentelemetry-operator, cert-manager-cmctl, percona-server-mongodb-operator, cert-manager-istio-csr, step-issuer...
GHSA-GX3X-VQ4P-MHHV vulnerabilities
Vulnerabilities for packages: cert-manager-google-cas-issuer, cert-manager-istio-csr-fips, cert-manager-google-cas-issuer-fips, cert-manager-csi-driver-fips, percona-server-mongodb-operator, percona-xtradb-cluster-operator-fips, opentelemetry-operator-fips, aws-privateca-issuer-fips,...
CVE-2025-30204 vulnerabilities
Vulnerabilities for packages: op-geth, atlantis, crossplane-provider-azure, flux-image-automation-controller, external-dns, aws-eks-pod-identity-agent, velero, cortex, chartmuseum, hydra, mc, kine, tekton-chains, flux-source-controller, zot, mongo-tools, boring-registry, seaweedfs, sops,...