8 matches found
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to missing authentication middleware in the smPolicyGroup route group, which allows unauthenticated requests to access sensitive endpoints. An attacker can gain unauthorized access to subscriber information,...
GHSA-WQCW-G35J-J578 Kubewarden vulnerable to RBAC Reconnaissance via unchecked can_i host capability call
Impact: Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden's promises is that configured users can deploy namespaced policies in a safe manne...
A vulnerability in the AdmissionPolicy and AdmissionPolicyGroup settings of the kubewarden-controller for Kubernetes clusters allows a malicious actor to gain unauthorized access to modify data or expose protected information.
A vulnerability in the AdmissionPolicy and AdmissionPolicyGroup settings of the kubewarden-controller for Kubernetes clusters is related to improper authorization. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to modify data or expose sensitive...
GO-2025-3435 Kubewarden-Controller information leak via AdmissionPolicyGroup Resource in github.com/kubewarden/kubewarden-controller
Kubewarden-Controller information leak via AdmissionPolicyGroup Resource in github.com/kubewarden/kubewarden-controller...
kubewarden-controller authorization issue vulnerability
kubewarden-controller is a kubewarden open source access policy for easy management of Kubernetes clusters. An authorization issue vulnerability exists in kubewarden-controller versions prior to 1.17.0 through 1.21.0, which stems from the addition of a policy group feature that allows for the...
kubewarden-controller security vulnerability
kubewarden-controller is a kubewarden open source access policy for easy management of Kubernetes clusters. A security vulnerability exists in kubewarden-controller versions prior to 1.7.0 through 1.21.0, which stems from the fact that AdmissionPolicy and AdmissionPolicyGroup can evaluate namespa...
PT-2025-5568 · Unknown +1 · Kubewarden-Controller +1
Name of the Vulnerable Software and Affected Versions: kubewarden-controller versions 1.17.0 through 1.20.x Description: The issue allows an attacker to obtain information about resources that are out of their reach by leveraging a higher access to the cluster granted to the ServiceAccount token...
PT-2024-16008 · Safenet · Esafenet Cdg
Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5 Description: A critical issue has been found in ESAFENET CDG, affecting the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument...