163 matches found
GHSA-MH2Q-Q3FH-2475 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-elbv2-fips, istio-fips, nerdctl-fips, k6-fips, aws-privateca-issuer-fips, crossplane-provider-aws-ecr-fips, gitlab-pages-fips, crossplane-provider-aws-athena-fips, crossplane-provider-aws-sqs-fips, kubernetes-csi-driver-hostpath,...
CVE-2026-29181 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-elbv2-fips, istio-fips, nerdctl-fips, k6-fips, aws-privateca-issuer-fips, crossplane-provider-aws-ecr-fips, gitlab-pages-fips, crossplane-provider-aws-athena-fips, crossplane-provider-aws-sqs-fips, kubernetes-csi-driver-hostpath,...
CVE-2026-29181 vulnerabilities
Vulnerabilities for packages: cadvisor, terraform, crossplane-provider-aws-iam, amazon-cloudwatch-agent-operator, kuberay-operator, external-dns, crossplane-provider-azure-sql, yunikorn-k8shim, crossplane-provider-aws-cloudwatchlogs, vault-env, nuclei, crossplane-provider-aws-eks, gitlab-pages,...
GHSA-MH2Q-Q3FH-2475 vulnerabilities
Vulnerabilities for packages: cadvisor, terraform, crossplane-provider-aws-iam, amazon-cloudwatch-agent-operator, kuberay-operator, external-dns, crossplane-provider-azure-sql, yunikorn-k8shim, crossplane-provider-aws-cloudwatchlogs, vault-env, nuclei, crossplane-provider-aws-eks, gitlab-pages,...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: kyverno, terraform, xeol, seaweedfs, flux-source-controller, cert-manager-cmctl, rancher, teleport, flux, minio, cert-manager-csi-driver, external-secrets-operator, yunikorn-k8shim, dex, kyverno-notation-aws, nuclei, bento, k6, percona-server-mongodb-operator,...
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: kyverno, terraform, xeol, seaweedfs, flux-source-controller, cert-manager-cmctl, rancher, teleport, flux, minio, cert-manager-csi-driver, external-secrets-operator, yunikorn-k8shim, dex, kyverno-notation-aws, nuclei, bento, k6, percona-server-mongodb-operator,...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: sftpgo-plugin-auth, k6-fips, telegraf, seaweedfs, yunikorn-k8shim, agentbeat, agentbeat-fips, zot, cert-manager-istio-csr, external-secrets-fips, k6, minio-fips, beats, gitlab-runner, opentofu-fips, juicefs, zitadel, gitea, grafana-fips, neuvector, vault, opentofu,...
GHSA-3XC5-WRHM-F963 vulnerabilities
Vulnerabilities for packages: witness, upwind-agent, scorecard, google-osconfig-agent, nemo, gitlab-rails-ce, grafana-alloy, kaniko, pulumi-language-dotnet, zot, chainctl-fips, kubescape, kubescape-server-fips, commercial-chainloop-cli, gitlab-runner, wolfictl, gomplate,...
CVE-2026-34984
A flaw was found in External Secrets Operator. An attacker with the ability to create or update templated ExternalSecret resources can exploit a vulnerability in the v2 template engine. This flaw allows the attacker to use the getHostByName function to perform controller-side DNS lookups, leading...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the getHostByName function in the v2 template engine. An attacker can cause sensitive data to be disclosed by crafting or updating templated resources that trigger DNS queries containing secret-derived values fr...
CVE-2026-34984
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...
CVE-2026-34984 External Secrets Operator has DNS exfiltration via getHostByName in its v2 template engine
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...
EUVD-2026-22190
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...
CVE-2026-34984
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...
CVE-2026-34984 External Secrets Operator has DNS exfiltration via getHostByName in its v2 template engine
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...
CVE-2026-34984
Summary: External Secrets Operator (ESO) versions 2.2.0 and earlier are vulnerable due to the v2 template engine’s getHostByName exposure in runtime/template/v2/template.go. An attacker who can create or update templated ExternalSecret resources can trigger controller-side DNS lookups using secre...
External Secrets 信息泄露漏洞
External Secrets is an open-source Kubernetes-related application developed by External Secrets. Versions of External Secrets 2.2.0 and earlier contain a vulnerability related to information leakage. This vulnerability stems from the v2 template engine not removing the getHostByName function, whi...
External Secrets Operator has DNS-based secret exfiltration via getHostByName in External Secrets v2 template engine
Summary The v2 template engine in runtime/template/v2/template.go imports Sprig’s TxtFuncMap and removes env and expandenv, but leaves getHostByName available to user-controlled templates. Because ESO executes templates inside the controller process, an attacker who can create or update templated...
GHSA-R2PG-R6H7-CRF3 External Secrets Operator has DNS-based secret exfiltration via getHostByName in External Secrets v2 template engine
Summary The v2 template engine in runtime/template/v2/template.go imports Sprig’s TxtFuncMap and removes env and expandenv, but leaves getHostByName available to user-controlled templates. Because ESO executes templates inside the controller process, an attacker who can create or update templated...
PT-2026-32571
Name of the Vulnerable Software and Affected Versions External Secrets Operator versions prior to 2.3.0 Description The v2 template engine in runtime/template/v2/template.go removes env and expandenv from TxtFuncMap but leaves the getHostByName function accessible to user-controlled templates...