30 matches found
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: malcontent, mariadb-operator, osv-scanner, github-mcp-server, local-path-provisioner, victoriametrics-cluster, flux-image-reflector-controller, flux-source-controller, grafana-operator, external-secrets-operator, mountpoint-s3-csi-driver, tailscale, victoriametrics,...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: flyte, kubernetes-csi-external-resizer-fips, crossplane-provider-aws-cloudformation-fips, swagger, rancher-telemetry, sftpgo-plugin-pubsub, backup-restore-operator-fips, src, boring-registry, cloud-provider-aws, ingress-nginx-controller-fips, libnvidia-container,...
EUVD-2022-0837
Malicious code in bioql PyPI...
EUVD-2023-1539
Malicious code in bioql PyPI...
CVE-2025-47906 vulnerabilities
Vulnerabilities for packages: memcached-exporter-fips, sftpgo-plugin-pubsub, cloud-provider-aws, karpenter, kubernetes-dashboard-fips, knative-eventing-fips, stakater-reloader, azuredisk-csi-fips, blob-csi-fips, terraform-provider-time, configmap-reload-fips, newrelic-nri-statsd, yace-fips,...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: memcached-exporter-fips, sftpgo-plugin-pubsub, cloud-provider-aws, karpenter, kubernetes-dashboard-fips, knative-eventing-fips, stakater-reloader, azuredisk-csi-fips, blob-csi-fips, terraform-provider-time, configmap-reload-fips, newrelic-nri-statsd, yace-fips,...
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: render-template, scorecard, kube-bench, thanos-operator, litefs, helm-operator, nri-mssql, k8sgpt-operator, secrets-store-csi-driver-provider-azure, local-path-provisioner, kubevela, cortex, up, nri-couchbase, cue, influx, paranoia, stakater-reloader, kubebuilder,...
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: opentelemetry-collector, chezmoi, secrets-store-csi-driver-provider-azure, hugo, fluent-bit-plugin-loki, rekor, flyte, sigstore-scaffolding, flux-image-reflector-controller, sqlpad, flux-source-controller, policy-controller, trivy, falcoctl, trino, restic, cortex,...
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: scorecard, kube-bench, thanos-operator, litefs, helm-operator, crossplane-provider-aws-cloudformation, crossplane-provider-aws-cloudwatchlogs, hugo, k8sgpt-operator, kargo, local-path-provisioner, secrets-store-csi-driver-provider-azure, flux-source-controller,...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: src, boring-registry, prometheus-redis-exporter-fips, kubernetes-csi-driver-hostpath, stakater-reloader, pulumi-language-dotnet, configmap-reload-fips, capslock, skaffold, kube-state-metrics, sigstore-scaffolding-fips, logstash-exporter-fips, kaniko, step-ca,...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: spark-operator, scorecard, aactl, dgraph, up, buildkitd, kubeflow, terraform-provider-sendgrid, k3d, prometheus-blackbox-exporter, kubescape, slsa-verifier, src, kubevela, falco, cortex...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: kubeflow-fips, cluster-autoscaler-fips, dynamic-localpv-provisioner-fips, prometheus-blackbox-exporter, src, timestamp-authority-fips, volume-modifier-for-k8s-fips, terraform-provider-sendgrid-fips, prometheus-stackdriver-exporter, smarter-device-manager-fips, cortex...
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: tkn, src, k3s, kube-logging-logging-operator, atlantis, runc, prometheus-mongodb-exporter, kube-state-metrics-fips, kubernetes-csi-livenessprobe-fips, kubernetes-dashboard, cue, vault-csi-provider, kubernetes-ingress-defaultbackend, falcoctl-fips, dgraph,...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: scorecard, hugo, flux-source-controller, kubevela, cortex, flux-notification-controller, cue, stakater-reloader, node-problem-detector, conftest, oauth2-proxy, grype, pulumi-kubernetes-operator, spark-operator, minio, grpcurl, secrets-store-csi-driver-provider-gcp,...
Insertion Of Sensitive Information Into Log File
sigs.k8s.io/secrets-store-csi-driver is vulnerable to Insertion of Sensitive Information Into Log File. An attacker with access to the driver logs could observe service account tokens due to the NodePublishVolume function of nodeserver.go...
CVE-2023-2878
Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs...
CVE-2023-2878 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver...
CVE-2023-2878 Kubernetes secrets-store-csi-driver discloses service account tokens in logs
Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs...
CVE-2023-2878
CVE-2023-2878 affects Kubernetes secrets-store-csi-driver. The vulnerability occurs in versions before 1.3.3, where the driver discloses service account tokens in logs. This could allow an attacker with local access or log access to read leaked tokens, enabling impersonation of the associated ser...
secrets-store-csi-driver discloses service account tokens in logs
A security issue was discovered in secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged...