4 matches found
CVE-2026-22872 Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability
Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version 0.13.0, tenant...
WebPros Comet Backup Security Vulnerability
WebPros Comet Backup is a data backup and recovery platform developed by the Swiss company WebPros. Versions 20.11.0 to 26.1.1, and 26.2.1 of WebPros Comet Backup contain security vulnerabilities. These vulnerabilities stem from insecure direct object references, allowing tenant administrators to...
Unsafe plugins can be installed via pack import by tenant admins
Summary: Unsafe plugins, for instance sql-list, can be installed in subdomain tenants via pack import even if unsafe plugin installation for tenants is disabled. Details: I have an example https://bot20230704.saltcorn.com/view/allplugins It's publicly accessible but has not so secure values except lis...
GHSA-WXF3-4FVJ-VQQX Unsafe plugins can be installed via pack import by tenant admins
Summary: Unsafe plugins, for instance sql-list, can be installed in subdomain tenants via pack import even if unsafe plugin installation for tenants is disabled. Details: I have an example https://bot20230704.saltcorn.com/view/allplugins It's publicly accessible but has not so secure values except lis...