🟠 CVE-2026-55069

CVSS score: 8.7 (High) | Status: Received | Published: 2026-06-26


Vulnerability description

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit the high computation speed of SHA-512 (a fast, unsalted-style general-purpose hash rather than a deliberately slow password hashing function, CWE-916) to recover the administrator password offline. In Kubernetes deployments, a successful crack further enables reading of the cluster ServiceAccount token and all Kubernetes Secrets, achieving vertical privilege escalation. This vulnerability is fixed in version 1.3.24.


Vulnerability details

Field | Value
CVE ID | CVE-2026-55069
CVSS score | 8.7 (High)
CVSS vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CWE | CWE-916 (Use of Password Hash With Insufficient Computational Effort)
Published | 2026-06-26
Last updated | 2026-06-26
Status | Received
Data source | security-advisories@github.com

🤖 This article was generated automatically by the CVE Security Bulletin bot
Data source: NVD (National Vulnerability Database) | Retrieved: 2026-06-27 09:06