5 matches found
CVE-2025-59823
Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...
CVE-2025-59823
Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...
CVE-2025-47282
Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user...
Privilege Escalation
github.com/gardener/external-dns-management is vulnerable to a privilege escalation. The vulnerability is due to insufficient isolation and access control between shoot clusters and the seed cluster in the external-dns-management component, which allows an attacker with admin access to a shoot...
CVE-2025-47282
CVE-2025-47282 affects Gardener External DNS Management (< 0.23.6) and, when enabled, the shoot-dns-service extension (= 0.23.6; for the extension, upgrade the shoot-dns-service extension beyond v1.60.0. If exploitation details are provided in the connected documents they are not included here...