VYPR
Vendor: Gardener

Products: 7
CVEs: 8
Across products: 8
Status: Private

Recent CVEs (8)
  • CVE-2025-59823 | Critical | Sep 25, 2025
    risk 0.57 | cvss 9.9 | epss 0.00

    Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version…

  • CVE-2025-47282 | Critical | May 19, 2025
    risk 0.57 | cvss 9.9 | epss 0.01

    Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener…

  • CVE-2025-67508 | Dec 12, 2025
    risk 0.00 | cvss n/a | epss 0.00

    gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener…

  • CVE-2025-47284 | May 19, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative…

  • CVE-2025-47283 | May 19, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener…

  • CVE-2023-44392 | Oct 9, 2023
    risk 0.00 | cvss n/a | epss 0.01

    Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects…

  • CVE-2022-24829 | Apr 11, 2022
    risk 0.00 | cvss n/a | epss 0.01

    Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an attacker to gain access to the application erroneously. The configuration is leaked…

  • CVE-2019-12494 | Jun 5, 2019
    risk 0.00 | cvss n/a | epss 0.02

    In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending HTTP GET requests from one's own shoot clusters to foreign shoot clusters. This occurs because traffic from shoot to seed via the VPN endpoint is not blocked.