22 matches found
GHSA-CP6G-7HQX-QXHP vulnerabilities
Vulnerabilities for packages: tempo-fips, virt-api-fips, loki-fips, grafana-mimir, google-cloud-otel-ops-collector, bento-fips, loki, cilium-fips, external-secrets-operator-fips, ory-kratos, trident-fips, dapr-fips, vault, vcluster-fips, amazon-cloudwatch-agent-fips, packer-fips, tbot,...
CVE-2026-2303 vulnerabilities
Vulnerabilities for packages: tempo-fips, virt-api-fips, loki-fips, grafana-mimir, google-cloud-otel-ops-collector, bento-fips, loki, cilium-fips, external-secrets-operator-fips, ory-kratos, trident-fips, dapr-fips, vault, vcluster-fips, amazon-cloudwatch-agent-fips, packer-fips, tbot,...
CVE-2026-42457
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...
CVE-2026-42457
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...
CVE-2026-42457 vCluster Platform: Stored XSS can lead to privilege escalation
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...
CVE-2026-42457
Affected software: vCluster Platform. Component/issue: Stored XSS via the name field of a templateRef (root cause: stored XSS in templateRef name). Impact: could lead to arbitrary script execution in the platform’s browser context and, in the worst case, privilege escalation by creating a new Glo...
vCluster Platform cross-site scripting vulnerability
vCluster Platform is an open-source virtual cluster manager developed by vCluster. Versions prior to vCluster Platform 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored cross-site scripting in the name field of the...
PT-2026-40945
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...
GHSA-PC3F-X583-G7J2 vulnerabilities
Vulnerabilities for packages: kpt, gitlab-kas, kiali, emissary, infinispan-operator, kube-arangodb, vcluster, eksctl, kubeflow-pipelines, redis-operator, consul-k8s, cilium, kubescape, k8sgpt-operator, linkerd2, percona-server-mongodb-operator, hubble, teleport, k9s, rancher-agent, argo-cd,...
CVE-2026-35469 vulnerabilities
Vulnerabilities for packages: kpt, gitlab-kas, kiali, emissary, infinispan-operator, kube-arangodb, vcluster, eksctl, kubeflow-pipelines, redis-operator, consul-k8s, cilium, kubescape, k8sgpt-operator, linkerd2, percona-server-mongodb-operator, hubble, teleport, k9s, rancher-agent, argo-cd,...
CVE-2026-34986 vulnerabilities
Vulnerabilities for packages: trivy, datadog-agent, restic-fips, caddy, commercial-chainloop-backend, fulcio, gatus-fips, elastic-agent, google-osconfig-agent, rabbitmq-messaging-topology-operator, envoy-gateway-fips, snyk-cli, flux-kustomize-controller-fips, kyverno-policy-reporter-fips, ko-fips...
CVE-2026-32285 vulnerabilities
Vulnerabilities for packages: nfpm, dgraph, tempo, vcluster, eksctl, ollama, prometheus, teleport, loki, terraform-mcp-server, grafana-alloy, rclone, minio, datadog-agent, gitlab-runner, opentelemetry-collector, k3s, grafana, kubevela, redpanda, nuclei, weaviate, lazygit, witness, dagger,...
CVE-2026-22806
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access resources outside of it. However, the user...
CVE-2026-22806
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access resources outside of it. However, the user...
CVE-2026-22806 vCluster Platform's Access Keys Allows Access Beyond Scope
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access resources outside of it. However, the user...
CVE-2026-22806
CVE-2026-22806 affects vCluster Platform: prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, an access key with a limited scope could be bypassed to reach resources outside the scope, though access remains within the key owner’s permissions. Fixes are available in those versions (4.6.0, 4.5.4, 4....
CVE-2026-22806 vCluster Platform's Access Keys Allows Access Beyond Scope
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access resources outside of it. However, the user...
EUVD-2026-4960
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access resources outside of it. However, the user...
CVE-2026-22806
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access resources outside of it. However, the user...
CVE-2026-22806 vCluster Platform's Access Keys Allows Access Beyond Scope
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access resources outside of it. However, the user...