Browse all 5 CVE security advisories affecting gardener. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Gardener is an open-source platform for managing Kubernetes-based garden clusters, enabling automated deployment and lifecycle management of applications. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues due to improper input validation and insecure default configurations. The platform's CVE history reveals consistent weaknesses in its API endpoints and web interfaces, with five documented vulnerabilities including RCE through crafted requests and XSS via unsanitized user inputs. While no major public incidents have been reported, the recurring nature of these flaws suggests potential risks in multi-tenant environments where compromised gardens could impact hosted applications.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67508 | gardenctl is vulnerable to Command Injection when used with non‑POSIX shells — gardenctl-v2CWE-77 | 6.0AI | MediumAI | 2025-12-12 |
| CVE-2025-59823 | Gardener providers vulnerable to code injection when Terraformer is used for infrastructure provisioning — gardener-extension-provider-awsCWE-94 | 7.2AI | HighAI | 2025-09-25 |
| CVE-2025-47284 | Gardener vulnerable to metadata injection for a project secret that can lead to privilege escalation — gardenerCWE-150 | 9.1AI | CriticalAI | 2025-05-19 |
| CVE-2025-47283 | Bypassing project secret validation can lead to privilege escalation — gardenerCWE-20 | 9.1AI | CriticalAI | 2025-05-19 |
| CVE-2025-47282 | Malicious google credential in DNS secret can lead to privilege escalation — external-dns-managementCWE-20 | 9.1AI | CriticalAI | 2025-05-19 |
This page lists every published CVE security advisory associated with gardener. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.