2 matches found
CVE-2024-36537
CVE-2024-36537 : cert-manager v1.14.4 contains an insecure permissions flaw that allows an attacker to access the service account token and escalate privileges, per NVD/Red Hat/IBM notes. Root cause is improper access control on credentials, enabling exposure of sensitive data. The connected advi...
CVE-2026-25518
Summary: CVE-2026-25518 affects cert-manager-controller in Kubernetes clusters. In versions 1.18.0–1.18.4 and 1.19.0–1.19.2, the controller performs DNS lookups during ACME DNS-01 processing using unencrypted DNS, allowing an attacker able to intercept DNS traffic from the cert-manager pod to ins...