5 matches found
SUSE CVE-2026-40109
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
CVE-2026-40109 Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
CVE-2026-40109 Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
CVE-2026-40109
CVE-2026-40109 affects Flux notification-controller (GitOps Toolkit) prior to version 1.8.3. The vulnerability lies in the gcr Receiver type not validating the email claim of Google OIDC tokens used for Pub/Sub push authentication, allowing any valid Google-issued token to authenticate against th...
PT-2026-31735
Name of the Vulnerable Software and Affected Versions Flux notification-controller versions prior to 1.8.3 Description Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. The gcr Receiver type does not validate the email claim of...