9 matches found
CVE-2026-50195
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...
CVE-2026-50195
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...
CVE-2026-50195
Containerd CVE-2026-50195 affects CRI checkpoint import: unvalidated image references in a checkpoint config allow an attacker with pod-creation permissions to trigger pulling a malicious image and assign it a local tag, poisoning the node’s local image cache. Subsequent pods on the same node usi...
containerd: CRI checkpoint import allows local image tag poisoning
Impact containerd's CRI checkpoint import process contains a vulnerability where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious...
GHSA-F49J-V924-FX9W Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution
Summary The environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI. By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can...
PT-2024-36825 · Unknown · Fence Agents Remediation Operator
Name of the Vulnerable Software and Affected Versions: Fence Agents Remediation operator affected versions not specified Description: A flaw was found in the Fence Agents Remediation operator, allowing a Remote Code Execution RCE primitive by supplying an arbitrary command to execute in the...
Critical: Red Hat Security Advisory: OpenShift Container Platform 3.4 security update
An update is now available for Red Hat OpenShift Container Platform release 3.4. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
kubernetes: authentication/authorization bypass in the handling of non-101 responses
A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in...
kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath
It was found that volume security can be sidestepped with innocent emptyDir and subpath. This could give an attacker with access to a pod full control over the node host by gaining access to docker socket...