16 matches found
CVE-2026-42541
Kubewarden is a policy engine for Kubernetes. Prior to , an attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions (which are not granted by default) can craft a policy that makes use of the cani host callback. The callback issues SubjectAccessReview (SAR) requests to enumerate...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the cani callback, which issues SubjectAccessReview requests without enforcing context-aware allow-lists. An attacker can obtain information about RBAC permissions of any user or service account across the...
Contour has Lua code injection via Cookie Path Rewrite Policy
Impact Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in the following fields that results in arbitrary code execution in the Envoy proxy: -...
EUVD-2024-2135
Malicious code in bioql PyPI...
Security Bulletin: Location Service for ESRI Component uses multiple vulnerable libraries and wildcard characters when defining RBAC permissions in Dockerfiles which are vulnerable to multiple CVEs
Summary Location Service for ESRI Component uses jinja2-3.1.4-py3-none-any.whl, jinja2-3.1.5-py3-none-any.whl, cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl and wildcard characters when defining RBAC permissions in Dockerfiles, which are vulnerable to CVE-2024-56326, CVE-2024-56201,...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.7 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Hotfix XS82ECU1074 - For Citrix Hypervisor 8.2 Cumulative Update 1
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1. Note: This hotfix is available only to customers on the Customer Success Services program. Where To Get This Hotfix Download Citrix Hypervisor 8.2 Cumulative Update 1 hotfixes from...
GO-2024-2866 Submariner Operator sets unnecessary RBAC permissions in helm charts in github.com/submariner-io/submariner-operator
Submariner Operator sets unnecessary RBAC permissions in helm charts in github.com/submariner-io/submariner-operator...
GHSA-2RHX-QHXP-5JPW Submariner Operator sets unnecessary RBAC permissions
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster...
CVE-2024-5042 Submariner-operator: RBAC permissions can allow for the spread of node compromises
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster...
Improper Authentication
github.com/labring/sealos is vulnerable to Improper Authentication. The vulnerability exists due to Improper configuration in RBAC permissions, which allows an attacker to gain access and perform unauthorized actions...
CVE-2023-33190
Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4, an improper configuration of role-based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could contr...
CVE-2022-2403
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. This flaw allows a malicious user to read the...
Kubernetes Security Is Not Container Security
Container-specific security I recently had an interesting discussion with Gianluca Brindisi from Spotify about the differences between Kubernetes security and container security. Typically, the discussion about container security focuses on general questions that aren’t focused on a specific...
Kubernetes: Kubelet follows symlinks as root in /var/log from the /logs server endpoint
Summary: Privilege escalation from a pod to root read permissions on the entire filesystem of the node, by creating symlinks inside /var/log. The kubelet is simply serving a file server at /var/log (kubernetes\pkg\kubelet\kubelet.go:1371): if kl.logServer == nil kl.logServer =...