CVE-2026-40923
- EPSS 0.22%
- Veröffentlicht 21.04.2026 20:50:53
- Zuletzt bearbeitet 27.04.2026 18:07:23
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path trav...
CVE-2026-40924
- EPSS 0.32%
- Veröffentlicht 21.04.2026 20:47:47
- Zuletzt bearbeitet 27.04.2026 18:06:10
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to cre...
CVE-2026-40938
- EPSS 0.79%
- Veröffentlicht 21.04.2026 20:45:24
- Zuletzt bearbeitet 08.07.2026 13:16:41
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positiona...
CVE-2026-40161
- EPSS 0.26%
- Veröffentlicht 21.04.2026 16:26:27
- Zuletzt bearbeitet 21.05.2026 22:16:48
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the Tekton Pipelines git resolver in API mode sends the system-configur...
CVE-2026-25542
- EPSS 0.26%
- Veröffentlicht 21.04.2026 16:05:43
- Zuletzt bearbeitet 01.05.2026 16:33:50
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 0.43.0 to 1.11.0, trusted resources verification policies match a resource source string (refSource.URI) against spec.resources[].pattern using regexp.Mat...
CVE-2026-33211
- EPSS 0.57%
- Veröffentlicht 23.03.2026 23:55:54
- Zuletzt bearbeitet 09.07.2026 13:16:58
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via t...
CVE-2026-33022
- EPSS 0.37%
- Veröffentlicht 20.03.2026 07:48:15
- Zuletzt bearbeitet 24.03.2026 16:19:48
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that...
CVE-2023-37264
- EPSS 0.38%
- Veröffentlicht 07.07.2023 17:15:10
- Zuletzt bearbeitet 21.11.2024 08:11:20
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that th...