Linuxfoundation

Tekton Pipelines

8 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.05%
  • Published 21.04.2026 20:50:53
  • Last modified 27.04.2026 18:07:23

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path trav...

Exploit
  • EPSS 0.05%
  • Published 21.04.2026 20:47:47
  • Last modified 27.04.2026 18:06:10

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to cre...

Exploit
  • EPSS 0.09%
  • Published 21.04.2026 20:45:24
  • Last modified 28.04.2026 15:06:01

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does...

  • EPSS 0.03%
  • Published 21.04.2026 16:26:27
  • Last modified 24.04.2026 20:55:59

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omit...

Exploit
  • EPSS 0.03%
  • Published 21.04.2026 16:05:43
  • Last modified 01.05.2026 16:33:50

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 0.43.0 to 1.11.0, trusted resources verification policies match a resource source string (refSource.URI) against spec.resources[].pattern using regexp.Mat...

  • EPSS 0.03%
  • Published 23.03.2026 23:55:54
  • Last modified 26.03.2026 15:42:12

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via t...

  • EPSS 0.02%
  • Published 20.03.2026 07:48:15
  • Last modified 24.03.2026 16:19:48

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that...

Exploit
  • EPSS 0.1%
  • Published 07.07.2023 17:15:10
  • Last modified 21.11.2024 08:11:20

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that th...