8 matches found
GHSA-CXH2-4639-VMC5 OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth
Affected Repository: github.com/open-telemetry/opentelemetry-operator Component: cmd/otel-allocator TargetAllocator Companion: Prometheus Operator API types CRDs Summary OpenTelemetry Operator's TargetAllocator watches ServiceMonitor resources via the Prometheus Operator CR watcher and converts...
CVE-2026-40898 vulnerabilities
Vulnerabilities for packages: prometheus-blackbox-exporter, teleport, coredns, q, kubernetes-dns-node-cache, ipfs-cluster, kyverno-policy-reporter, kube-metrics-adapter, jitsucom-bulker, k8sgateway, spegel, dkron, kargo, kyverno-policy-reporter-ui, kubo, k3s, frp, traefik, opentelemetry-operator...
CVE-2026-44903 vulnerabilities
Vulnerabilities for packages: loki, mc, minio, splunk-otel-collector, datadog-agent, jaeger, opentelemetry-collector, tempo, opentelemetry-collector-contrib, amazon-cloudwatch-agent-operator, certificate-transparency, fluent-bit-plugin-loki, prometheus, cloud-sql-proxy, minio-object-browser,...
CVE-2026-25518 vulnerabilities
Vulnerabilities for packages: cert-manager-openshift-routes-fips, aws-privateca-issuer, cert-manager-cmctl-fips, percona-server-mongodb-operator, percona-xtradb-cluster-operator-fips, step-issuer-fips, percona-xtradb-cluster-operator, cert-manager-google-cas-issuer, mariadb-operator-fips,...
CVE-2026-25518 vulnerabilities
Vulnerabilities for packages: mariadb-operator, cert-manager-cmctl, percona-server-mongodb-operator, cert-manager-csi-driver, cert-manager-webhook-pdns, opentelemetry-operator, step-issuer, cert-manager-istio-csr, aws-privateca-issuer...
GHSA-GX3X-VQ4P-MHHV vulnerabilities
Vulnerabilities for packages: mariadb-operator, cert-manager-cmctl, percona-server-mongodb-operator, cert-manager-csi-driver, cert-manager-webhook-pdns, opentelemetry-operator, step-issuer, cert-manager-istio-csr, aws-privateca-issuer...
GHSA-GX3X-VQ4P-MHHV vulnerabilities
Vulnerabilities for packages: cert-manager-openshift-routes-fips, aws-privateca-issuer, cert-manager-cmctl-fips, percona-server-mongodb-operator, percona-xtradb-cluster-operator-fips, step-issuer-fips, percona-xtradb-cluster-operator, cert-manager-google-cas-issuer, mariadb-operator-fips,...
CVE-2025-30204 vulnerabilities
Vulnerabilities for packages: guac, bank-vaults, openfga, glab, crossplane-provider-azure-storage, grafana-agent-operator, amazon-cloudwatch-agent, ko, octo-sts, step, opentelemetry-collector, amazon-cloudwatch-agent-operator, spire-server, terraform-provider-azapi, argo-rollouts, ksops,...