172 matches found
GHSA-CRHJ-59GH-8X96 vulnerabilities
Vulnerabilities for packages: pulumi-language-yaml, argocd-image-updater, guac, gitlab-runner, snyk-cli, gptscript, apko, goreleaser, gitaly, melange, steampipe, trufflehog, pulumi-language-dotnet, external-secrets-operator, kots, syft, bom, gitea, nfpm, nuclei, k9s, kubescape, grype, argo-cd,...
GHSA-M7CR-M3PV-HGRP vulnerabilities
Vulnerabilities for packages: pulumi-language-yaml, argocd-image-updater, guac, gitlab-runner, snyk-cli, gptscript, apko, goreleaser, gitaly, melange, steampipe, trufflehog, pulumi-language-dotnet, external-secrets-operator, kots, syft, bom, gitea, nfpm, nuclei, k9s, kubescape, grype, argo-cd,...
CVE-2026-45571 vulnerabilities
Vulnerabilities for packages: pulumi-language-yaml, argocd-image-updater, guac, gitlab-runner, snyk-cli, gptscript, apko, goreleaser, gitaly, melange, steampipe, trufflehog, pulumi-language-dotnet, external-secrets-operator, kots, syft, bom, gitea, nfpm, nuclei, k9s, kubescape, grype, argo-cd,...
CVE-2026-45570 vulnerabilities
Vulnerabilities for packages: pulumi-language-yaml, argocd-image-updater, guac, gitlab-runner, snyk-cli, gptscript, apko, goreleaser, gitaly, melange, steampipe, trufflehog, pulumi-language-dotnet, external-secrets-operator, kots, syft, bom, gitea, nfpm, nuclei, k9s, kubescape, grype, argo-cd,...
CVE-2026-45571 vulnerabilities
Vulnerabilities for packages: grype-db, kubescape-server-fips, teleport, trivy-fips, steampipe, gomplate, nemo, kubescape-server, osv-scanner, gitaly-fips, argo-workflows, mapotf-fips, external-secrets-operator, syft-fips, gitlab-rails-ce, cerbos-fips, argocd-image-updater-fips, syft, chainctl,...
GHSA-CRHJ-59GH-8X96 vulnerabilities
Vulnerabilities for packages: grype-db, kubescape-server-fips, teleport, trivy-fips, steampipe, gomplate, nemo, kubescape-server, osv-scanner, gitaly-fips, argo-workflows, mapotf-fips, external-secrets-operator, syft-fips, gitlab-rails-ce, cerbos-fips, argocd-image-updater-fips, syft, chainctl,...
GHSA-M7CR-M3PV-HGRP vulnerabilities
Vulnerabilities for packages: grype-db, kubescape-server-fips, teleport, trivy-fips, steampipe, gomplate, nemo, kubescape-server, osv-scanner, gitaly-fips, argo-workflows, mapotf-fips, external-secrets-operator, syft-fips, gitlab-rails-ce, cerbos-fips, argocd-image-updater-fips, syft, chainctl,...
CLEANSTART-2026-MI47415 Security fixes for CVE-2025-61729, CVE-2026-32952, ghsa-mh2q-q3fh-2475, ghsa-pjcq-xvwq-hhpj applied in versions: 1.1.0-r0, 2.4.1-r0
Multiple security vulnerabilities affect the external-secrets package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: grype-db, kubescape-server-fips, teleport, trivy-fips, steampipe, gomplate, grafana, nemo, kubescape-server, osv-scanner, gitaly-fips, argo-workflows, mapotf-fips, external-secrets-operator, syft-fips, gitlab-rails-ce, cerbos-fips, argocd-image-updater-fips, syft,...
CVE-2026-42875
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace w...
CVE-2026-42876
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...
CVE-2026-42876 External Secrets Operator: Priviledge escalation with secret overwriting
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...
CVE-2026-42876 External Secrets Operator: Priviledge escalation with secret overwriting
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...
CVE-2026-42876
External Secrets Operator (ESO) vulnerability where a user with permission to create ExternalSecret resources can trigger creation of a Secret populated with a long‑lived token for a service account, enabling impersonation of that service account in the namespace. This privilege escalation is pos...
CVE-2026-42876 External Secrets Operator: Priviledge escalation with secret overwriting
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...
CVE-2026-42875 External Secrets Operator: Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace w...
CVE-2026-42875
External Secrets Operator contains a namespace isolation bypass in CAProvider ConfigMap resolution for SecretStore. Before v2.4.0, Namespaced SecretStore resources using CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace was set, bypassing th...
CVE-2026-42875 External Secrets Operator: Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace w...
External Secrets 授权问题漏洞
External Secrets is an open-source Kubernetes-related application developed by External Secrets. Versions of the External Secrets Operator prior to 2.4.1 had an authorization issue vulnerability. This vulnerability stemmed from the ability for users to create ExternalSecret resources, allowing...
External Secrets 授权问题漏洞
External Secrets is an open-source Kubernetes-related application developed by External Secrets. Versions of External Secrets prior to 2.4.0 had an authorization issue vulnerability. This vulnerability stemmed from the use of CAProvider for the SecretStore resource, allowing it to resolve CA...