Page 21 of 294 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0. • https://bugzilla.suse.com/show_bug.cgi?id=1210218 • CWE-269: Improper Privilege Management •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on `open-feature-operator-controller-manager` to escalate the privileges of any SA in the cluster. The increased privileges could be used to modify cluster state, leading to DoS, or read sensitive data, including secrets. Version 0.2.32 mitigates this issue by restricting the resources the `open-feature-operator-controller-manager` can modify. • https://github.com/open-feature/open-feature-operator/releases/tag/v0.2.32 https://github.com/open-feature/open-feature-operator/security/advisories/GHSA-cwf6-xj49-wp83 • CWE-269: Improper Privilege Management •

CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0

Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. • https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88 https://github.com/vitessio/vitess/commits/v0.16.1 https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f • CWE-20: Improper Input Validation CWE-703: Improper Check or Handling of Exceptional Conditions •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret. • https://github.com/cubefs/cubefs/issues/1882 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g.., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare). A container may gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host . Other users's cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. • https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17 https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc https://access.redhat.com/security/cve/CVE-2023-25809 https://bugzilla.redhat.com/show_bug.cgi?id=2182884 • CWE-276: Incorrect Default Permissions CWE-281: Improper Preservation of Permissions •