6 matches found

SUSE CVE
added 2026/02/24 12:24 a.m., 4 views

SUSE CVE-2026-27111

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

5.3 CVSS, 5.8 AI score, 0.00175 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2026/02/22 1:28 a.m., 7 views

CVE-2026-27111

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

5.3 CVSS, 5.6 AI score, 0.00175 EPSS
Exploits: 0, References: 1
OSV
added 2026/02/20 9:17 p.m., 4 views

CVE-2026-27111 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

5.3 CVSS, 5.6 AI score, 0.00175 EPSS
Exploits: 0, References: 4
Cvelist
added 2026/02/20 9:17 p.m., 28 views

CVE-2026-27111 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

5.3 CVSS, 0.00175 EPSS
Exploits: 0, References: 2
Snyk
added 2026/02/19 3:16 p.m., 5 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the REST API. Kargo’s authorization model fails to enforce the non-standard promote "dolphin verb" across three specific endpoints. While this sensitive operation is correctly gated in the legacy gRPC API, the...

5.3 CVSS, 5.7 AI score, 0.00175 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/02/19 12:0 a.m., 7 views

PT-2026-21302

Name of the Vulnerable Software and Affected Versions: Kargo versions 1.9.0 through 1.9.2. Description: Kargo manages and automates the promotion of software artifacts. The authorization model includes a 'promote' verb intended to control access to promotion pipelines. While correctly enforced in th...

9.9 CVSS, 5.2 AI score, 0.27661 EPSS
Exploits: 45, References: 115