Lucene search
K

102 matches found

NVD
NVD
added 2026/05/11 8:25 p.m.24 views

CVE-2026-42876

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...

4.9CVSS0.00214EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 8:25 p.m.10 views

CVE-2026-42875

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace w...

5.3CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 6:58 p.m.19 views

CVE-2026-42876

External Secrets Operator (ESO) vulnerability where a user with permission to create ExternalSecret resources can trigger creation of a Secret populated with a long‑lived token for a service account, enabling impersonation of that service account in the namespace. This privilege escalation is pos...

4.9CVSS5.8AI score0.00214EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/11 6:58 p.m.10 views

CVE-2026-42876 External Secrets Operator: Priviledge escalation with secret overwriting

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...

4.9CVSS5.8AI score0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/11 6:58 p.m.47 views

CVE-2026-42876 External Secrets Operator: Priviledge escalation with secret overwriting

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...

4.9CVSS0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/11 6:56 p.m.41 views

CVE-2026-42875 External Secrets Operator: Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace w...

5.3CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 6:56 p.m.15 views

CVE-2026-42875

External Secrets Operator contains a namespace isolation bypass in CAProvider ConfigMap resolution for SecretStore. Before v2.4.0, Namespaced SecretStore resources using CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace was set, bypassing th...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References1
Wolfi
Wolfi
added 2026/05/07 7:48 p.m.19 views

CVE-2026-34984 vulnerabilities

Vulnerabilities for packages: external-secrets-operator...

7.1CVSS5.8AI score0.00262EPSS
Exploits0
Wolfi
Wolfi
added 2026/05/07 7:48 p.m.21 views

GHSA-R2PG-R6H7-CRF3 vulnerabilities

Vulnerabilities for packages: external-secrets-operator...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/05/07 7:17 p.m.15 views

CVE-2026-34984 vulnerabilities

Vulnerabilities for packages: external-secrets-operator...

7.1CVSS5.8AI score0.00262EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/07 7:17 p.m.13 views

GHSA-R2PG-R6H7-CRF3 vulnerabilities

Vulnerabilities for packages: external-secrets-operator...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/05 6:37 p.m.4 views

GHSA-WV26-88M5-6H59 External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore

Impact Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace was set. This bypassed the namespace boundary enforced for SecretStore-backed references in providers that rely on the shared runtime CA...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/04/25 7:17 p.m.7 views

GHSA-MH2Q-Q3FH-2475 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-kendra, crossplane-provider-aws-kendra-fips, amazon-cloudwatch-agent-operator, crossplane-provider-aws-efs-fips, crossplane-provider-azure-relay, ipfs-cluster, aws-privateca-issuer-fips, datadog-agent-fips, crossplane-provider-aws-sns-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/25 7:17 p.m.10 views

CVE-2026-29181 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-kendra, crossplane-provider-aws-kendra-fips, amazon-cloudwatch-agent-operator, crossplane-provider-aws-efs-fips, crossplane-provider-azure-relay, ipfs-cluster, aws-privateca-issuer-fips, datadog-agent-fips, crossplane-provider-aws-sns-fips,...

7.5CVSS6.1AI score0.00435EPSS
Exploits1
Wolfi
Wolfi
added 2026/04/25 1:49 p.m.8 views

CVE-2026-29181 vulnerabilities

Vulnerabilities for packages: falco-no-driver, kserve-modelmesh-serving, eksctl, ipfs-cluster, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-rollouts, cri-tools, cilium, crossplane-provider-aws-eks, step, cloud-provider-vsphere, spark-operator, cloudflared, src,...

7.5CVSS6.1AI score0.00435EPSS
Exploits1
Wolfi
Wolfi
added 2026/04/25 1:49 p.m.8 views

GHSA-MH2Q-Q3FH-2475 vulnerabilities

Vulnerabilities for packages: falco-no-driver, kserve-modelmesh-serving, eksctl, ipfs-cluster, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-rollouts, cri-tools, cilium, crossplane-provider-aws-eks, step, cloud-provider-vsphere, spark-operator, cloudflared, src,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/04/24 7:48 p.m.11 views

CVE-2026-32952 vulnerabilities

Vulnerabilities for packages: sftpgo-plugin-auth, bento, cert-manager, rancher-webhook, opentofu, zot, percona-server-mongodb-operator, trufflehog, cert-manager-cmctl, dex, cert-manager-istio-csr, kyverno, nuclei, frp, harbor, k6, gitlab-runner, kyverno-notation-aws, minio, cert-manager-csi-drive...

7.5CVSS6.1AI score0.01027EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/24 7:48 p.m.14 views

GHSA-PJCQ-XVWQ-HHPJ vulnerabilities

Vulnerabilities for packages: sftpgo-plugin-auth, bento, cert-manager, rancher-webhook, opentofu, zot, percona-server-mongodb-operator, trufflehog, cert-manager-cmctl, dex, cert-manager-istio-csr, kyverno, nuclei, frp, harbor, k6, gitlab-runner, kyverno-notation-aws, minio, cert-manager-csi-drive...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/24 7:17 p.m.8 views

CVE-2026-32952 vulnerabilities

Vulnerabilities for packages: cloudbeat, cert-manager-cmctl, kyverno-fips, commercial-grafana, seaweedfs-fips, sftpgo-plugin-auth, terraform, openbao-fips, rancher-webhook-fips, gitea-fips, minio-fips, harbor, nuclei, beats, agentbeat-fips, neuvector-fips, minio,...

7.5CVSS6.1AI score0.01027EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/18 7:17 p.m.7 views

GHSA-3XC5-WRHM-F963 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, cloudbeat, chainloop-cli-fips, trivy-operator-fips, nemo, kyverno-fips, rancher-fleet, argo-cd-fips, gitaly-fips, terragrunt-fips, guac, gitea-fips, chainctl-fips, scorecard, nuclei, k9s, grype-db, pulumi-language-yaml, mapotf, kubescape-server-fips,...

6.1AI score
Exploits0
Rows per page
Query Builder