2 matches found
GHSA-VVMQ-FWMG-2GJC Improper kubeconfig validation allows arbitrary code execution
Flux2 can reconcile the state of a remote cluster when provided with a kubeconfig with the correct access rights. Kubeconfig files can define commands to be executed to generate on-demand authentication tokens. A malicious user with write access to a Flux source or direct access to the target...
kubernetes: Validating Admission Webhook does not observe some previous fields
A vulnerability was found in Kubernetes' kube-apiserver that could allow Node updates to bypass a Validating Admission Webhook. An authenticated user could exploit this by modifying Node properties to values that should have been prevented by registered admission webhooks...