CVE-2025-62159

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

CVE-2025-62159

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

CVE-2025-62159

CVE-2025-62159 affects External Secrets Operator’s BeyondTrust provider (versions 0.10.1–0.19.2). The legacy code retrieved Kubernetes secrets directly without validating namespace context or secret store type, enabling cross‑namespace secret access and security boundary violations. In version 0....

EUVD-2021-30006

Malicious code in bioql PyPI...

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

CVE-2023-23947

A flaw was found in ArgoCD. An improper authorization bug may allow an attacker to update at least one cluster secret, enabling them to change any other cluster secret. The attacker must know the URL for the targeted cluster and additionally it should be authenticated within the ArgoCD API server...

Users with any cluster secret update access may update out-of-bounds cluster secrets

Impact All Argo CD versions starting with v2.3.0-rc1 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluster secret to update any cluster secret. The attacker could use this access to escalate privileges potentially controlling...

CVE-2023-23947

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and prior to 2.3.17, 2.4.23 2.5.11, and 2.6.2 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluster secret to...

PT-2023-1473 · Argo Cd +1 · Argo Cd +1

Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.3.0-rc1 through 2.3.16 Argo CD versions 2.4.0 through 2.4.22 Argo CD versions 2.5.0 through 2.5.10 Argo CD versions 2.6.0 through 2.6.1 Description: The issue is related to an improper authorization bug in Argo CD, a...

CVE-2021-43053

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another...

CVE-2021-43053

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another...

Design/Logic Flaw

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another...

CVE-2021-43053

CVE-2021-43053 affects the Realm Server component of TIBCO FTL (Community, Developer, Enterprise Editions). Versions 6.7.2 and earlier are vulnerable to an information-disclosure flaw that allows an unauthenticated, network-accessible attacker to obtain the cluster secret of another application c...

TIBCO Security Advisory: January 11, 2022 - TIBCO FTL -2021-43053

TIBCO FTL Secret Exposure Vulnerability Original release date: January 11, 2022 Last revised:--- CVE-2021-43053 Source: TIBCO SoftwareInc. Products Affected TIBCO FTL - Community Edition versions 6.7.2 and below TIBCO FTL - Developer Edition versions 6.7.2 and below TIBCO FTL - Enterprise Edition...