Linuxfoundation

Tekton Pipelines

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.22%
  • Veröffentlicht 21.04.2026 20:50:53
  • Zuletzt bearbeitet 27.04.2026 18:07:23

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path trav...

Exploit
  • EPSS 0.32%
  • Veröffentlicht 21.04.2026 20:47:47
  • Zuletzt bearbeitet 27.04.2026 18:06:10

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to cre...

Exploit
  • EPSS 0.79%
  • Veröffentlicht 21.04.2026 20:45:24
  • Zuletzt bearbeitet 08.07.2026 13:16:41

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positiona...

  • EPSS 0.26%
  • Veröffentlicht 21.04.2026 16:26:27
  • Zuletzt bearbeitet 21.05.2026 22:16:48

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the Tekton Pipelines git resolver in API mode sends the system-configur...

Exploit
  • EPSS 0.26%
  • Veröffentlicht 21.04.2026 16:05:43
  • Zuletzt bearbeitet 01.05.2026 16:33:50

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 0.43.0 to 1.11.0, trusted resources verification policies match a resource source string (refSource.URI) against spec.resources[].pattern using regexp.Mat...

  • EPSS 0.57%
  • Veröffentlicht 23.03.2026 23:55:54
  • Zuletzt bearbeitet 09.07.2026 13:16:58

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via t...

  • EPSS 0.37%
  • Veröffentlicht 20.03.2026 07:48:15
  • Zuletzt bearbeitet 24.03.2026 16:19:48

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that...

Exploit
  • EPSS 0.38%
  • Veröffentlicht 07.07.2023 17:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:20

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that th...