12 matches found
EUVD-2025-0141
Malicious code in bioql PyPI...
CVE-2025-24784
kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it’s considere...
BIT-ENVOY-2025-46821 Envoy vulnerable to bypass of RBAC uri_template permission
Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the character from a set of valid characters in the URI path. As a result URI path containing the character will not match a URI template...
Important: Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.5.0 release
Red Hat build of OpenTelemetry 3.5.0 has been released Release of Red Hat OpenShift distributed tracing provides following security improvements, bug fixes, and new features. Breaking changes: Nothing Deprecations: In the Red Hat build of OpenTelemetry 3.5, the Loki Exporter, which is a temporary...
GHSA-756X-M4MJ-Q96C Kubewarden-Controller information leak via AdmissionPolicyGroup Resource
Impact The policy group feature, added to by the 1.17.0 release, introduced two new types of CRD: ClusterAdmissionPolicyGroup and AdmissionPolicyGroup. The former is cluster wide, while the latter is namespaced. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluste...
CVE-2025-24784
kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it’s considere...
CVE-2025-24784 kubewarden-controller has an Information leak via AdmissionPolicyGroup Resource
kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it’s considere...
CVE-2025-24784 kubewarden-controller has an Information leak via AdmissionPolicyGroup Resource
kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it’s considere...
CVE-2025-24784
CVE-2025-24784 affects kubewarden-controller (AdmissionPolicyGroup CRD) in Kubewarden. The issue enables an information leak where context aware policies can—via the ServiceAccount used to run the Policy Server—list/get resources in the cluster beyond the policy’s own scope, depending on the RBAC...
CVE-2025-24784 kubewarden-controller has an Information leak via AdmissionPolicyGroup Resource
kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it’s considere...
Permission Bypass
github.com/rancher/rancher is vulnerable to Permission Bypass. The vulnerability due to a misconfiguration in RBAC rules, which grants excessive permissions for the create or global role for the namespaces resource type. This flaw allows an attacker to access, create, update, or delete a namespac...
GHSA-C8XW-VJGF-94HR Argo CD web terminal session doesn't expire
Impact All versions of Argo CD starting from v2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open fo...