8 matches found
GO-2026-4730 Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun in github.com/tektoncd/pipeline
Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun in github.com/tektoncd/pipeline...
CVE-2026-33022
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or...
CVE-2026-33022
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or...
CVE-2026-33022 Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through the GenerateDeterministicNameFromSpec function in pkg/resolution/resource/name.go. An attacker can crash the controller and block all TaskRun/PipelineRun reconciliation by...
GHSA-CV4X-93XX-WGFJ Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun
Summary A user with permission to create or update a TaskRun or PipelineRun can crash the Tekton Pipelines controller by setting .spec.taskRef.resolver or .spec.pipelineRef.resolver to a string of 31 characters or more, causing a denial of service for all reconciliation. Details The controller...
Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun
Summary A user with permission to create or update a TaskRun or PipelineRun can crash the Tekton Pipelines controller by setting .spec.taskRef.resolver or .spec.pipelineRef.resolver to a string of 31 characters or more, causing a denial of service for all reconciliation. Details The controller...
PT-2026-25993
Summary A user with permission to create or update a TaskRun or PipelineRun can crash the Tekton Pipelines controller by setting .spec.taskRef.resolver or .spec.pipelineRef.resolver to a string of 31 characters or more, causing a denial of service for all reconciliation. Details The controller...