Lucene search
K

163 matches found

Chainguard
Chainguard
added 2026/04/25 7:17 p.m.6 views

GHSA-MH2Q-Q3FH-2475 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-elbv2-fips, istio-fips, nerdctl-fips, k6-fips, aws-privateca-issuer-fips, crossplane-provider-aws-ecr-fips, gitlab-pages-fips, crossplane-provider-aws-athena-fips, crossplane-provider-aws-sqs-fips, kubernetes-csi-driver-hostpath,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/25 7:17 p.m.10 views

CVE-2026-29181 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-elbv2-fips, istio-fips, nerdctl-fips, k6-fips, aws-privateca-issuer-fips, crossplane-provider-aws-ecr-fips, gitlab-pages-fips, crossplane-provider-aws-athena-fips, crossplane-provider-aws-sqs-fips, kubernetes-csi-driver-hostpath,...

7.5CVSS6.1AI score0.00435EPSS
Exploits1
Wolfi
Wolfi
added 2026/04/25 1:49 p.m.8 views

CVE-2026-29181 vulnerabilities

Vulnerabilities for packages: cadvisor, terraform, crossplane-provider-aws-iam, amazon-cloudwatch-agent-operator, kuberay-operator, external-dns, crossplane-provider-azure-sql, yunikorn-k8shim, crossplane-provider-aws-cloudwatchlogs, vault-env, nuclei, crossplane-provider-aws-eks, gitlab-pages,...

7.5CVSS6.1AI score0.00435EPSS
Exploits1
Wolfi
Wolfi
added 2026/04/25 1:49 p.m.8 views

GHSA-MH2Q-Q3FH-2475 vulnerabilities

Vulnerabilities for packages: cadvisor, terraform, crossplane-provider-aws-iam, amazon-cloudwatch-agent-operator, kuberay-operator, external-dns, crossplane-provider-azure-sql, yunikorn-k8shim, crossplane-provider-aws-cloudwatchlogs, vault-env, nuclei, crossplane-provider-aws-eks, gitlab-pages,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/04/24 7:48 p.m.10 views

CVE-2026-32952 vulnerabilities

Vulnerabilities for packages: kyverno, terraform, xeol, seaweedfs, flux-source-controller, cert-manager-cmctl, rancher, teleport, flux, minio, cert-manager-csi-driver, external-secrets-operator, yunikorn-k8shim, dex, kyverno-notation-aws, nuclei, bento, k6, percona-server-mongodb-operator,...

7.5CVSS6.1AI score0.01027EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/24 7:48 p.m.14 views

GHSA-PJCQ-XVWQ-HHPJ vulnerabilities

Vulnerabilities for packages: kyverno, terraform, xeol, seaweedfs, flux-source-controller, cert-manager-cmctl, rancher, teleport, flux, minio, cert-manager-csi-driver, external-secrets-operator, yunikorn-k8shim, dex, kyverno-notation-aws, nuclei, bento, k6, percona-server-mongodb-operator,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/24 7:17 p.m.7 views

CVE-2026-32952 vulnerabilities

Vulnerabilities for packages: sftpgo-plugin-auth, k6-fips, telegraf, seaweedfs, yunikorn-k8shim, agentbeat, agentbeat-fips, zot, cert-manager-istio-csr, external-secrets-fips, k6, minio-fips, beats, gitlab-runner, opentofu-fips, juicefs, zitadel, gitea, grafana-fips, neuvector, vault, opentofu,...

7.5CVSS6.1AI score0.01027EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/18 7:17 p.m.7 views

GHSA-3XC5-WRHM-F963 vulnerabilities

Vulnerabilities for packages: witness, upwind-agent, scorecard, google-osconfig-agent, nemo, gitlab-rails-ce, grafana-alloy, kaniko, pulumi-language-dotnet, zot, chainctl-fips, kubescape, kubescape-server-fips, commercial-chainloop-cli, gitlab-runner, wolfictl, gomplate,...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/14 9:30 p.m.5 views

CVE-2026-34984

A flaw was found in External Secrets Operator. An attacker with the ability to create or update templated ExternalSecret resources can exploit a vulnerability in the v2 template engine. This flaw allows the attacker to use the getHostByName function to perform controller-side DNS lookups, leading...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/14 4:4 a.m.9 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the getHostByName function in the v2 template engine. An attacker can cause sensitive data to be disclosed by crafting or updating templated resources that trigger DNS queries containing secret-derived values fr...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References2
NVD
NVD
added 2026/04/14 3:16 a.m.5 views

CVE-2026-34984

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...

7.1CVSS0.00262EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/14 1:48 a.m.36 views

CVE-2026-34984 External Secrets Operator has DNS exfiltration via getHostByName in its v2 template engine

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...

7.1CVSS0.00262EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/14 1:48 a.m.9 views

EUVD-2026-22190

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/14 1:48 a.m.5 views

CVE-2026-34984

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 1:48 a.m.2 views

CVE-2026-34984 External Secrets Operator has DNS exfiltration via getHostByName in its v2 template engine

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References3
CVE
CVE
added 2026/04/14 1:48 a.m.21 views

CVE-2026-34984

Summary: External Secrets Operator (ESO) versions 2.2.0 and earlier are vulnerable due to the v2 template engine’s getHostByName exposure in runtime/template/v2/template.go. An attacker who can create or update templated ExternalSecret resources can trigger controller-side DNS lookups using secre...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.7 views

External Secrets 信息泄露漏洞

External Secrets is an open-source Kubernetes-related application developed by External Secrets. Versions of External Secrets 2.2.0 and earlier contain a vulnerability related to information leakage. This vulnerability stems from the v2 template engine not removing the getHostByName function, whi...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/13 4:36 p.m.9 views

External Secrets Operator has DNS-based secret exfiltration via getHostByName in External Secrets v2 template engine

Summary The v2 template engine in runtime/template/v2/template.go imports Sprig’s TxtFuncMap and removes env and expandenv, but leaves getHostByName available to user-controlled templates. Because ESO executes templates inside the controller process, an attacker who can create or update templated...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/13 4:36 p.m.4 views

GHSA-R2PG-R6H7-CRF3 External Secrets Operator has DNS-based secret exfiltration via getHostByName in External Secrets v2 template engine

Summary The v2 template engine in runtime/template/v2/template.go imports Sprig’s TxtFuncMap and removes env and expandenv, but leaves getHostByName available to user-controlled templates. Because ESO executes templates inside the controller process, an attacker who can create or update templated...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.5 views

PT-2026-32571

Name of the Vulnerable Software and Affected Versions External Secrets Operator versions prior to 2.3.0 Description The v2 template engine in runtime/template/v2/template.go removes env and expandenv from TxtFuncMap but leaves the getHostByName function accessible to user-controlled templates...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References10
Rows per page
Query Builder