GO-2025-4093 MARIN3R: Cross-Namespace Vulnerability in the Operator in github.com/3scale-sre/marin3r

MARIN3R: Cross-Namespace Vulnerability in the Operator in github.com/3scale-sre/marin3r...

CVE-2025-64171

A cross-namespace authorization flaw has been identified in the MARIN3R operator’s DiscoveryServiceCertificate resource. The flaw occurs because the operator mistakenly treats certain inputs as valid, bypassing Kubernetes Role-Based Access Control RBAC. When a user has permission to create...

CVE-2025-64171

MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is...

CVE-2025-64171 MARIN3R: Cross-Namespace Vulnerability in the Operator

MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is...

EUVD-2025-37859

MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is...

CVE-2025-64171

CVE-2025-64171 MARIN3R is a cross-namespace secret access vulnerability in the MARIN3R operator. In versions ≤ 0.13.3, DiscoveryServiceCertificate could bypass RBAC, allowing a user who can create DiscoveryServiceCertificate resources in one namespace to indirectly read Secrets in other namespace...

CVE-2025-64171 MARIN3R: Cross-Namespace Vulnerability in the Operator

MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is...

CVE-2025-64171 MARIN3R: Cross-Namespace Vulnerability in the Operator

MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is...

marin3r 安全漏洞

marin3r is a lightweight CRD-based kubernetes control panel open-sourced by Red Hat 3scale SRE. A security vulnerability exists in marin3r 0.13.3 and earlier versions, which stems from a cross-namespace secret access vulnerability in DiscoveryServiceCertificate that could lead to bypassing RBAC a...

PT-2025-45114

Name of the Vulnerable Software and Affected Versions MARIN3R versions 0.13.3 and below Description MARIN3R, a lightweight, CRD based envoy control plane for kubernetes, contains a flaw where a cross-namespace secret access issue exists in the DiscoveryServiceCertificate component. This allows...

MARIN3R: Cross-Namespace Vulnerability in the Operator

Cross-namespace Secret access vulnerability in DiscoveryServiceCertificate allows users to bypass RBAC and access Secrets in unauthorized namespaces...