Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/07/02 7:10 p.m.6 views

CVE-2026-11769

A flaw was found in the Grafana Operator. This vulnerability allows a malicious user, who can create Dashboard or LibraryPanel resources for a Grafana instance, to exploit a path traversal issue within the jsonnet data templating language. This exploitation can lead to privilege escalation and...

8.8CVSS5.7AI score0.00361EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 8:51 p.m.11 views

EUVD-2026-36641

Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName...

6.4CVSS5.8AI score0.00361EPSS
Exploits0References3
CVE
CVE
added 2026/06/13 4:17 a.m.68 views

CVE-2026-11769

Grafana Operator

8.8CVSS5.5AI score0.00361EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/05 4:32 p.m.4 views

GHSA-JJRM-HR5F-673X Source controller: Improper path handling allows traversal

Impact An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...

5.3CVSS5.6AI score0.00052EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/16 9:38 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

7.7CVSS5.8AI score0.00329EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/16 9:38 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

7.7CVSS5.8AI score0.00329EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/16 9:38 p.m.29 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

7.7CVSS5.8AI score0.00329EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/11/06 11:35 p.m.9 views

KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes

Summary The permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. Details Following the GitHub security advisory published on March 23 2023, a ValidatingAdmissionPolicy w...

6.9CVSS5.5AI score0.00254EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder