Lucene search
K

102 matches found

NVD
NVD
added 2025/10/10 11:15 p.m.8 views

CVE-2025-62159

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

8.7CVSS0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/10 10:23 p.m.4 views

EUVD-2025-33793

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

8.7CVSS6.3AI score0.00285EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/10 10:23 p.m.1 views

CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

8.7CVSS6.5AI score0.00285EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/10 10:23 p.m.9 views

CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

8.7CVSS0.00285EPSS
Exploits0References1
CVE
CVE
added 2025/10/10 10:23 p.m.21 views

CVE-2025-62159

CVE-2025-62159 affects External Secrets Operator’s BeyondTrust provider (versions 0.10.1–0.19.2). The legacy code retrieved Kubernetes secrets directly without validating namespace context or secret store type, enabling cross‑namespace secret access and security boundary violations. In version 0....

8.7CVSS6.5AI score0.00285EPSS
Exploits0References1
OSV
OSV
added 2025/10/10 10:23 p.m.5 views

CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

8.7CVSS6.9AI score0.00285EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.7 views

PT-2025-41614

Name of the Vulnerable Software and Affected Versions External Secrets Operator versions 0.10.1 through 0.19.2 Description The External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A flaw exists in the BeyondTrust provid...

8.7CVSS6.2AI score0.00285EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-24649

Malicious code in bioql PyPI...

7.1CVSS6.3AI score0.00324EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/08/15 11:42 p.m.12 views

CVE-2025-55196

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...

7.1CVSS6.5AI score0.00324EPSS
Exploits0References1
NVD
NVD
added 2025/08/13 11:15 p.m.8 views

CVE-2025-55196

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...

7.1CVSS0.00324EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/13 10:54 p.m.9 views

CVE-2025-55196 External Secrets Operator Missing Namespace Restriction in PushSecret and SecretStore List() Calls Allows Unauthorized Secret Access

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...

7.1CVSS0.00324EPSS
Exploits0References5
CVE
CVE
added 2025/08/13 10:54 p.m.33 views

CVE-2025-55196

External Secrets Operator (github.com/external-secrets/external-secrets) contains a vulnerability in versions 0.15.0–0.19.1 where PushSecret List() calls on Kubernetes Secret and SecretStore resources ignore namespace selectors. This allows an attacker who can create or update PushSecret resource...

7.1CVSS6.4AI score0.00324EPSS
Exploits0References5
OSV
OSV
added 2025/08/13 7:45 p.m.3 views

GHSA-FCXQ-V2R3-CC8H External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access

Summary A vulnerability was discovered in the External Secrets Operator where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a namespace selector. This flaw allowed an attacker to use label selectors to list and read...

7.1CVSS6.3AI score0.00324EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/08/13 7:45 p.m.10 views

External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access

Summary A vulnerability was discovered in the External Secrets Operator where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a namespace selector. This flaw allowed an attacker to use label selectors to list and read...

7.1CVSS6.3AI score0.00324EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/13 12:0 a.m.3 views

PT-2025-33101 · External Secrets · External Secrets Operator

Name of the Vulnerable Software and Affected Versions: External Secrets Operator versions 0.15.0 through 0.19.1 Description: A flaw was discovered in the External Secrets Operator where List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply...

7.1CVSS6.1AI score0.00324EPSS
Exploits0References13
OSV
OSV
added 2024/09/13 9:52 p.m.31 views

GO-2024-3126 External Secrets Operator vulnerable to privilege escalation in github.com/external-secrets/external-secrets

External Secrets Operator vulnerable to privilege escalation in github.com/external-secrets/external-secrets...

8.8CVSS8.7AI score0.00591EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/09/09 6:16 p.m.24 views

External Secrets Operator vulnerable to privilege escalation

Details The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has "get/list" verbs of secrets...

8.8CVSS7.2AI score0.00591EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/09 2:54 p.m.18 views

CVE-2024-45041 External Secrets Operator vulnerable to privilege escalation

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has "get/list" verbs of secrets resources. It...

8.3CVSS6.7AI score0.00591EPSS
Exploits0References2
Wolfi
Wolfi
added 2024/06/11 5:16 p.m.113 views

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: restic, step, tempo, flux-source-controller, opentelemetry-collector, argo-events, prometheus-operator, buildkitd, thanos, external-dns, flux-kustomize-controller, argo-workflows, py3-cassandra-medusa, flux, boring-registry, chezmoi, rook, cluster-autoscaler,...

5.5CVSS6.5AI score0.00788EPSS
Exploits0
Wolfi
Wolfi
added 2024/03/09 1:15 a.m.59 views

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: aactl, step, flux-source-controller, skopeo, vexctl, caddy, gitsign, gomplate, flux-kustomize-controller, argo-workflows, minio, rook, policy-controller, kargo, temporal, dex, apko, kots, melange, timestamp-authority, zarf, slsa-verifier, rekor, skaffold, tkn,...

4.3CVSS6.6AI score0.01956EPSS
Exploits0
Rows per page
Query Builder