90 matches found
GHSA-M7CR-M3PV-HGRP vulnerabilities
Vulnerabilities for packages: crossplane, kargo, pulumi-language-dotnet, pulumi-language-yaml, flux, nfpm, trivy-operator, flux-image-automation-controller, zarf, snyk-cli, trivy, act, grype, src-fingerprint, witness, pulumi, skaffold, kots, tfsec, argo-events, xeol, cerbos, gptscript, osv-scanne...
GHSA-CRHJ-59GH-8X96 vulnerabilities
Vulnerabilities for packages: crossplane, kargo, pulumi-language-dotnet, pulumi-language-yaml, flux, nfpm, trivy-operator, flux-image-automation-controller, zarf, snyk-cli, trivy, act, grype, src-fingerprint, witness, pulumi, skaffold, kots, tfsec, argo-events, xeol, cerbos, gptscript, osv-scanne...
CVE-2026-45571 vulnerabilities
Vulnerabilities for packages: crossplane, kargo, pulumi-language-dotnet, pulumi-language-yaml, flux, nfpm, trivy-operator, flux-image-automation-controller, zarf, snyk-cli, trivy, act, grype, src-fingerprint, witness, pulumi, skaffold, kots, tfsec, argo-events, xeol, cerbos, gptscript, osv-scanne...
CVE-2026-45570 vulnerabilities
Vulnerabilities for packages: crossplane, kargo, pulumi-language-dotnet, pulumi-language-yaml, flux, nfpm, trivy-operator, flux-image-automation-controller, zarf, snyk-cli, trivy, act, grype, src-fingerprint, witness, pulumi, skaffold, kots, tfsec, argo-events, xeol, cerbos, gptscript, osv-scanne...
GHSA-CRHJ-59GH-8X96 vulnerabilities
Vulnerabilities for packages: packer-fips, apko-fips, wolfictl, gitsign, kaniko-fips, src-fingerprint-fips, witness, external-secrets-operator, nfpm, kyverno-fips, gitea, kubescape, mapotf-fips, trivy-operator, grype-fips, gitlab-runner, grype-db, gitlab-runner-fips, flux-fips, argo-workflows-fip...
GHSA-M7CR-M3PV-HGRP vulnerabilities
Vulnerabilities for packages: packer-fips, apko-fips, wolfictl, gitsign, kaniko-fips, src-fingerprint-fips, witness, external-secrets-operator, nfpm, kyverno-fips, gitea, kubescape, mapotf-fips, trivy-operator, grype-fips, gitlab-runner, grype-db, gitlab-runner-fips, flux-fips, argo-workflows-fip...
CVE-2026-45571 vulnerabilities
Vulnerabilities for packages: packer-fips, apko-fips, wolfictl, gitsign, kaniko-fips, src-fingerprint-fips, witness, external-secrets-operator, nfpm, kyverno-fips, gitea, kubescape, mapotf-fips, trivy-operator, grype-fips, gitlab-runner, grype-db, gitlab-runner-fips, flux-fips, argo-workflows-fip...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: packer-fips, apko-fips, wolfictl, gitsign, kaniko-fips, src-fingerprint-fips, witness, external-secrets-operator, nfpm, kyverno-fips, gitea, terragrunt-fips, kubescape, mapotf-fips, trivy-operator, grype-fips, gitlab-runner, grype-db, gitlab-runner-fips, nemo,...
CVE-2026-42875
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace w...
CVE-2026-42876
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...
CVE-2026-42876 External Secrets Operator: Privilege escalation with secret overwriting
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...
CVE-2026-42876 External Secrets Operator: Privilege escalation with secret overwriting
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...
CVE-2026-42876
External Secrets Operator (ESO) vulnerability where a user with permission to create ExternalSecret resources can trigger creation of a Secret populated with a long-lived token for a service account, enabling impersonation of that service account in the namespace. This privilege escalation is pos...
CVE-2026-42875 External Secrets Operator: Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace w...
CVE-2026-42875
External Secrets Operator contains a namespace isolation bypass in CAProvider ConfigMap resolution for SecretStore. Before v2.4.0, Namespaced SecretStore resources using CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace was set, bypassing th...
CVE-2026-34984 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
GHSA-R2PG-R6H7-CRF3 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
CVE-2026-34984 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
GHSA-R2PG-R6H7-CRF3 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
GHSA-WV26-88M5-6H59 External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore
Impact: Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace was set. This bypassed the namespace boundary enforced for SecretStore-backed references in providers that rely on the shared runtime CA...