CNNVD-202602-2067 Information
Feb 12, 2026
cve
CNNVD ID
CNNVD-202602-2067
Related CVE
- CNNVD Published: 2026-02-12
Description (Chinese)
yoke是YokeCD开源的一个Kubernetes包管理工具。 Yoke 0.19.0及之前版本存在访问控制错误漏洞,该漏洞源于Air Traffic Controller组件Webhook端点缺乏适当的身份验证机制,允许集群网络内的任何Pod绕过Kubernetes API Server身份验证。
Description (English)
Yoke is a Kubernetes package management tool for YokeCD open source. Yoke 0.19.0 and previous versions had access control bugs, which stemmed from the lack of an appropriate authentication mechanism at the Webhole end of the Air Traffic Contractor component, allowing any Pod within the cluster network to bypass Kubernetes API Server identification.
Vulnerability Type
访问控制错误
Affected Vendor
YokeCD
Published
2026-02-12
Last Modified
2026-02-24
References
https://github.com/yokecd/yoke/security/advisories/GHSA-965m-v4cc-6334
Patch
https://github.com/yokecd/yoke/releases
Share on: