214 matches found
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: kots, kubescape-server-fips, k9s-fips, kyverno-fips, gitlab-rails-ce, drone, cilium, trivy-fips, gitea-fips, external-secrets-operator-fips, knative-kafka-broker-fips, external-dns, minio-fips, nerdctl, mattermost, backup-restore-operator, rancher, zitadel,...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-athena, apko, crossplane-provider-aws-directconnect, flux-kustomize-controller, sealed-secrets-fips, crossplane-provider-aws-elbv2, crossplane-provider-keycloak, crossplane-provider-aws-kendra, drone, crossplane-provider-aws-bedrockagent-fips,...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-athena, apko, crossplane-provider-aws-directconnect, flux-kustomize-controller, sealed-secrets-fips, crossplane-provider-aws-elbv2, crossplane-provider-keycloak, crossplane-provider-aws-kendra, drone, crossplane-provider-aws-bedrockagent-fips,...
GHSA-QPW4-5X99-6VJP vulnerabilities
Vulnerabilities for packages: apko, kots, kubescape-server-fips, k9s-fips, kyverno-fips, gitlab-rails-ce, drone, cilium, trufflehog-fips, dagger, buildkitd, trivy-fips, pulumi-language-yaml, gitea-fips, pulumi-kubernetes-operator, argo-events, external-secrets-operator-fips, podman,...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: apko, kots, kubescape-server-fips, k9s-fips, kyverno-fips, gitlab-rails-ce, vault, trufflehog-fips, caddy-fips, cilium, dagger, trivy-fips, pulumi-language-yaml, gitea-fips, pulumi-kubernetes-operator, argo-events, consul-fips, external-secrets-operator-fips, podman,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: kots, kubescape-server-fips, k9s-fips, kyverno-fips, gitlab-rails-ce, drone, cilium, trivy-fips, gitea-fips, external-secrets-operator-fips, knative-kafka-broker-fips, external-dns, minio-fips, nerdctl, mattermost, backup-restore-operator, rancher, zitadel,...
GHSA-9M57-25V3-79X9 vulnerabilities
Vulnerabilities for packages: kots, kyverno-fips, gitlab-rails-ce, cilium, external-secrets-operator-fips, podman, knative-kafka-broker-fips, external-dns, nerdctl, mattermost, backup-restore-operator, rancher, zitadel, opentelemetry-collector, knative-serving, prometheus-mongodb-exporter, harbor...
GHSA-JPPX-RXG9-JMRX vulnerabilities
Vulnerabilities for packages: kots, kyverno-fips, gitlab-rails-ce, cilium, external-secrets-operator-fips, podman, knative-kafka-broker-fips, external-dns, nerdctl, mattermost, backup-restore-operator, rancher, zitadel, opentelemetry-collector, knative-serving, prometheus-mongodb-exporter, harbor...
GHSA-78MQ-XCR3-XM33 vulnerabilities
Vulnerabilities for packages: apko, kots, kubescape-server-fips, k9s-fips, kyverno-fips, gitlab-rails-ce, trufflehog-fips, cilium, dagger, trivy-fips, pulumi-language-yaml, gitea-fips, pulumi-kubernetes-operator, argo-events, external-secrets-operator-fips, podman, knative-kafka-broker-fips,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: k9s, argo-events, terraform-provider-tls, flux-notification-controller, prometheus-operator, rootlesskit, atlantis, neuvector-sigstore-interface, cert-manager, gitlab-kas, docker-machine-driver-harvester, cilium, cluster-api-azure-controller, nerdctl, age, hcloud,...
GO-2026-5272 Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE in github.com/tektoncd/pipeline
Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE in github.com/tektoncd/pipeline...
GHSA-W2H3-VVVQ-3M53 vulnerabilities
Vulnerabilities for packages: tekton-pipelines, tekton-pipelines-fips...
CVE-2023-37264 vulnerabilities
Vulnerabilities for packages: tekton-pipelines, tekton-pipelines-fips...
GHSA-W2H3-VVVQ-3M53 vulnerabilities
Vulnerabilities for packages: tekton-pipelines...
CVE-2023-37264 vulnerabilities
Vulnerabilities for packages: tekton-pipelines...
EUVD-2026-34248
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
CVE-2026-10840 Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
CVE-2026-10840 Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
CVE-2026-10840
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
Red Hat OpenShift Pipelines 权限许可和访问控制问题漏洞
Red Hat OpenShift Pipelines is a Kubernetes-native continuous integration and continuous delivery platform developed by Red Hat Inc. There is a security vulnerability in Red Hat OpenShift Pipelines. This vulnerability stems from the ClusterRoleBinding for tekton-scheduler-rolebinding granting the...