6 matches found

CNNVD
added 2026/04/21 12:0 a.m. | 8 views

Tekton Pipelines Resource Management Error Vulnerability

Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. Versions of Tekton Pipelines prior to 1.11.1 contained a resource management vulnerability. This vulnerability stemmed from the FetchHttpResource function in the HTTP parser, which did not limit the size of the response...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00054
Exploits: 1 | References: 3
Veracode
added 2023/07/13 10:57 a.m. | 18 views

Authorization Bypass

github.com/tektoncd/pipeline is vulnerable to Authorization Bypasses. The Pipelines do not check child UIDs, therefore users who have permission to create TaskRuns are able to create their own tasks, tricking the controller into linking irrelevant runs to the pipeline, feeding data through the...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00099
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2023/07/07 6:46 p.m. | 28 views

GHSA-W2H3-VVVQ-3M53 Pipelines do not validate child UIDs

Summary: Pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. We should add UID to PipelineRun status and validate that child Run status/results only come from Runs...

CVSS: 3.7 | AI score: 4.2 | EPSS: 0.00099
Exploits: 1 | References: 5
Cvelist
added 2023/07/07 4:23 p.m. | 18 views

CVE-2023-37264 Pipelines do not validate child UIDs

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...

CVSS: 3.7 | AI score: 4.8 | EPSS: 0.00099
Exploits: 1 | References: 3
Vulnrichment
added 2023/07/07 4:23 p.m. | 10 views

CVE-2023-37264 Pipelines do not validate child UIDs

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...

CVSS: 3.7 | AI score: 6.6 | EPSS: 0.00099
Exploits: 1 | References: 3
Positive Technologies
added 2023/07/07 12:0 a.m. | 4 views

PT-2023-25868 · Unknown · Tekton Pipelines

Name of the Vulnerable Software and Affected Versions: Tekton Pipelines versions 0.35.0 and later
Description: The Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00099
Exploits: 1 | References: 10