Lucene search
+L

7 matches found

Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-49445 Cilium: Sensitive information disclosure and cluster disruption via local Envoy admin socket access

Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints,...

9.2CVSS0.0017EPSS
Exploits0References6
OSV
OSV
added 2026/07/06 5:3 p.m.6 views

GHSA-3FCV-JVFP-M4Q9 Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access

Impact When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive...

9.2CVSS5.9AI score0.0017EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 12:4 p.m.11 views

EUVD-2026-34248

A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...

9.6CVSS5.8AI score0.00173EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:4 p.m.6 views

CVE-2026-10840

A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...

7.1CVSS5.8AI score0.00173EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46191

Name of the Vulnerable Software and Affected Versions OpenShift Pipelines operator affected versions not specified Description A flaw in the OpenShift Pipelines operator occurs because the tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue...

7.1CVSS5.5AI score0.00173EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/05/19 7:30 p.m.26 views

Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode where the GatewayClass lacks an unmanaged annotation, the Gateway TLS translator skips critical status...

5.9AI score
Exploits0References5Affected Software3
The Hacker News
The Hacker News
added 2023/10/30 6:46 a.m.120 views

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows - CVE-2022-4886 CVSS score: 8.8 - Ingress-nginx path...

8.2AI score0.56568EPSS
Exploits2
Rows per page
Query Builder