4 matches found
CVE-2025-59823 Gardener providers vulnerable to code injection when Terraformer is used for infrastructure provisioning
Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...
SUSE CVE-2025-47284
Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the gardenlet component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a...
CVE-2025-47283
Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain...
Privilege Chaining
Overview Affected versions of this package are vulnerable to Privilege Chaining via the project secret validation process. An attacker can escalate privileges and potentially gain control over seed clusters by bypassing the intended security restrictions. Remediation Upgrade...