WhisperX tag archive

#Kubernetes

This page collects WhisperX intelligence signals tagged #Kubernetes. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (20)

The Lab · 2026-03-25 12:27:17 · GitHub Issues

1. Critical Cache Poisoning Vulnerability (CACHE-001) Verified Exploitable in slashben/kubescape Repository

A critical security flaw has been verified as exploitable in the slashben/kubescape GitHub repository, posing a direct threat to its CI/CD pipeline integrity. The vulnerability, identified as CACHE-001, is a cache poisoning attack enabled by a shared cache scope between untrusted and trusted workflows. Automated pentes...

The Lab · 2026-03-25 12:27:18 · GitHub Issues

2. Kubescape Repo Shows Artifact Poisoning Risk (INJ-002), Downgraded to Low Severity

A potential artifact poisoning vulnerability (INJ-002) has been flagged in the popular Kubernetes security tool repository, slashben/kubescape. The finding, initially assessed as a medium-severity risk, was downgraded to low after automated verification failed to successfully exploit the configuration weakness. This hi...

The Lab · 2026-03-25 12:27:19 · GitHub Issues

3. Kubescape Security Flaw: 'Unconditional Secrets Inheritance' (SEC-002) Verified Exploitable in CI/CD Pipeline

A critical security vulnerability, designated SEC-002, has been verified as exploitable in the `slashben/kubescape` GitHub repository. The flaw, initially rated as medium severity, has been escalated to HIGH following active penetration testing. The pentest agent confirmed the vulnerability can be successfully exploite...

The Lab · 2026-03-25 12:27:21 · GitHub Issues

4. Critical Supply Chain Risk: Kubescape Repository Exposes 24 Exploitable GitHub Action Vulnerabilities

A critical supply chain vulnerability has been verified as exploitable within the official `slashben/kubescape` GitHub repository, a key security tool for Kubernetes. The finding, escalated from HIGH to CRITICAL severity, reveals that every single one of the repository's 24 GitHub Action references uses mutable tags, c...

The Lab · 2026-03-25 12:27:22 · GitHub Issues

5. GitHub Workflow Security Flaw: slashben/kubescape Repository Exposed via 'read-all' Permissions

A critical security misconfiguration has been identified in the popular Kubernetes security tool repository, slashben/kubescape. A GitHub Actions workflow is configured with excessive 'read-all' permissions, granting broad read access to sensitive repository scopes. This flaw is not merely theoretical; the vulnerable w...

The Lab · 2026-03-27 13:27:17 · GitHub Issues

6. Kubernetes Operator Proposal: Optional Trivy Integration for Container Image Vulnerability Scanning

A critical visibility gap exists for Kubernetes cluster operators. While tools like kube9 assess cluster security, there is currently no mechanism to collect or surface CVE-oriented data from container images, leaving a blind spot in the security posture. This lack of vulnerability intelligence hampers operators' abili...

The Lab · 2026-03-27 13:27:25 · GitHub Issues

7. Istio 1.21.6 Patches Critical gRPC-Go Flaw (CVE-2026-33186) Enabling Authorization Bypass

The Istio service mesh has released a critical security patch for version 1.21.6, addressing a severe vulnerability in the underlying gRPC-Go library. The flaw, tracked as CVE-2026-33186, allows for a complete authorization bypass. The exploit hinges on a missing leading slash in the HTTP/2 `:path` pseudo-header, which...

The Lab · 2026-03-30 20:27:31 · GitHub Issues

8. KubePlus 4.1.4 SSRF Vulnerability: Missing Chart URL Validation Creates Risk of Server-Side Request Forgery and Command Injection

A serious server-side request forgery (SSRF) vulnerability exists in version 4.1.4 of KubePlus, a Kubernetes extension platform. The vulnerability (CVE-2026-29954) is rated high risk at CVSS 7.6 and opens a path for an attacker to probe the internal network, inject arbitrary HTTP headers, and execute commands. At its core is an SSRF that arises because the mutating webhook and the kubeconfiggenerator component that process the 'chartURL' field of the ResourceComposition resource only URL-encode the value and never validate the destination address...

The Lab · 2026-03-31 12:27:40 · GitHub Issues

9. OpenBao Secrets Operator Main Branch Exposed to HTTP/2 CONTINUATION Flood Vulnerability GO-2024-2687

An exploitable HTTP/2 protocol vulnerability has been found in the main branch of the OpenBao Secrets Operator project's codebase. The security scanner govulncheck flagged the vulnerability as "reachable", meaning the attack path actually exists in the code. The vulnerability is tracked as GO-2024-2687 and stems from a flaw in how the Go standard library's `net/http` handles HTTP/2 CONTINUATION frames. An attacker can send a large number of CONTINUATION frames to force an HTTP/2 endpoint to read an arbitrary amount of header data, potentially exhausting server resources or disrupting service. The vulnerability affects the `main` branch of the `openbao/openbao-secrets-operator` project and extends to several core dependencies, including ...

The Lab · 2026-03-31 16:27:23 · GitHub Issues

10. Red Hat OADP 1.5 Security Patch: Critical Go Language & Dependency CVEs Prompt Major Upgrade

A critical security patch for Red Hat's OpenShift API for Data Protection (OADP) 1.5 is addressing multiple high-severity vulnerabilities in its core Go programming language toolchain and foundational libraries. The update is a forced response to a cluster of CVEs, including a significant X.509 email address constraint...

The Lab · 2026-04-01 04:27:03 · GitHub Issues

11. OpenBao Secrets Operator Main Branch Exposed to HTTP/2 Flood Vulnerability GO-2024-2687

In the main codebase of the OpenBao Secrets Operator, an exploitable HTTP/2 protocol vulnerability has been flagged as "reachable" by the security scanner govulncheck. The vulnerability, tracked as GO-2024-2687, exists in several core dependencies, including the `golang.org/x/net` library. An attacker can send an excessive number of CONTINUATION frames to force an HTTP/2 endpoint to read an arbitrary amount of header data, potentially exhausting server resources or disrupting service. The vulnerability directly affects the `main` branch of the `openbao/openbao-secrets-operator` repository. The range of affected dependency versions is broad and involves `github.com/aws/aws-sdk-go`, `github.com/...

The Lab · 2026-04-02 01:26:57 · GitHub Issues

12. Kubernaut Agent Security Flaw: Untrusted Data Flows Directly Into LLM, Enabling Prompt Injection

The Kubernaut Agent's core investigation pipeline is vulnerable to prompt injection attacks, as it processes untrusted content from multiple Kubernetes sources directly into its LLM context window without any sanitization or detection. This creates a direct path for attackers to manipulate the agent's reasoning and out...

The Lab · 2026-04-03 01:27:02 · GitHub Issues

13. OpenBao Secrets Operator Main Branch Exposed to HTTP/2 Flood Vulnerability GO-2024-2687; Attackers Can Force Reading of Arbitrary Amounts of Header Data

A serious, exploitable security vulnerability has been found in the main branch of the OpenBao Secrets Operator project's codebase. The vulnerability, tracked as GO-2024-2687, exists in several core dependencies, including `golang.org/x/net`. By sending an excessive number of CONTINUATION frames to an HTTP/2 endpoint, an attacker can force the server to read an arbitrary amount of header data, potentially exhausting server resources or disrupting service. The vulnerability's threat level is "reachable", meaning a risk of exploitation exists in the current code paths. Specifically, the vulnerability stems from a defect in the HTTP/2 protocol implementation's handling of CONTINUATION frames. To maintain HPACK state, the server must parse and process every HEADERS and CONTINUATION ...

The Lab · 2026-04-05 16:26:58 · GitHub Issues

14. 🚨 Critical Security Flaws Exposed in Cluster-API Provider Azure Backplane Branch

A Trivy security scan has flagged five significant vulnerabilities within the `backplane-2.11` branch of the `stolostron/cluster-api-provider-azure` repository, including one critical and two high-severity flaws. The automated scan, run on March 30, 2026, detected all vulnerabilities within the project's `go.mod` depen...

The Lab · 2026-04-05 16:27:00 · GitHub Issues

15. Security Scanner Flags 3 Vulnerabilities in stolostron/cluster-api-provider-azure Branch

A Trivy security scan has flagged three distinct vulnerabilities within the `backplane-2.17` branch of the stolostron/cluster-api-provider-azure repository. The automated scan, run on March 30, 2026, identified one high-severity flaw, one medium, and one low, all originating from the project's `go.mod` dependencies. Th...

The Lab · 2026-04-06 02:27:00 · GitHub Issues

16. Helm Hit by High-Severity Code Injection Vulnerability CVE-2025-53547; Malicious Chart.yaml Can Lead to Local Code Execution

Helm, the Kubernetes package manager, has a high-severity security vulnerability that lets an attacker execute arbitrary code locally through a specially crafted `Chart.yaml` file. The vulnerability, tracked as CVE-2025-53547 (GHSA-557j-xg8c-q2mm), was discovered by a Helm project contributor; the core risk lies in the dependency update flow. When a user processes a `Chart.yaml` file containing malicious content together with its associated `Chart.lock` file, an attacker can exploit the vulnerability to achieve code injection and execution on the target system. The vulnerability details show that the attack vector centers on specific fields of the `Chart.yaml` file. When Helm parses these fields and processes dependencies, maliciously constructed content may bypass security restrictions and trigger unintended code-execution paths. The impact of the vulnerability is broad, because Helm ...

The Lab · 2026-04-08 13:27:25 · GitHub Issues

17. Kubeflow Pipelines UI Security Patch: Cross-Namespace Artifact Access Vulnerability Closed

A critical security vulnerability in Kubeflow Pipelines (KFP) that allowed unauthorized cross-namespace artifact access has been patched. The fix, implemented in a recently merged pull request, directly addresses a long-standing security flaw documented in issue #9889, which had left sensitive data exposed across Kuber...

The Lab · 2026-04-10 10:39:42 · GitHub Issues

18. Kyverno Security Alert: CVE-2026-32289 Exposes XSS Risk in Template Literal Handling

A medium-severity vulnerability, CVE-2026-32289, has been identified within the Kyverno project, exposing a potential path to cross-site scripting (XSS) attacks. The core flaw resides in the engine's handling of JavaScript template literals, where context tracking fails across template branches. This failure, combined ...

The Lab · 2026-04-11 08:22:27 · GitHub Issues

19. Helm Kubernetes Package Manager Exposed to Critical Path Traversal Vulnerability (CVE-2026-35206)

A critical path traversal vulnerability in the Helm Kubernetes package manager allows a maliciously crafted chart to write files outside the intended directory during an untar operation. The flaw, tracked as CVE-2026-35206, affects Helm versions <=3.20.1 and <=3.20.2, and is addressed in the latest security update to v...

The Lab · 2026-04-11 18:22:27 · GitHub Issues

20. Helm v3.20.2 Patches Critical Directory Traversal Vulnerability in Chart Extraction

A critical security vulnerability in Helm, the Kubernetes package manager, has been patched in version 3.20.2. The flaw, tracked by a CVE, existed in versions up to and including 3.20.1 and lay in how Helm processes Chart.yaml files during extraction. Specifically, the vulnerability allowed a maliciously cr...