2 matches found
GO-2025-3885 External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access in github.com/external-secrets/external-secrets
External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access in github.com/external-secrets/external-secrets...
GHSA-FCXQ-V2R3-CC8H External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access
Summary A vulnerability was discovered in the External Secrets Operator where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a namespace selector. This flaw allowed an attacker to use label selectors to list and read...