CNNVD-202512-3908 Information

CNNVD ID

CNNVD-202512-3908

CVE-2025-68476

  • CNNVD Published: 2025-12-22

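Description (translated from Chinese)

keda is a Kubernetes scaling software open-sourced by KEDA. A security vulnerability exists in keda versions before 2.17.3 and before 2.18.3; it stems from insufficient path validation in TriggerAuthentication and may lead to arbitrary file read.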

Description (English)

KEDA is an open-source Kubernetes scaling tool from the KEDA project. Versions before 2.17.3 and before 2.18.3 contain a security vulnerability caused by insufficient path validation in TriggerAuthentication, which may lead to arbitrary file read.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

KEDA

Published

2025-12-22

Last Modified

2026-02-24

References

https://github.com/kedacore/keda/security/advisories/GHSA-c4p6-qg4m-9jmr
https://github.com/kedacore/keda/commit/15c5677f65f809b9b6b59a52f4cf793db0a510fd
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68476

Patch

https://github.com/kedacore/keda/releases
