Lucene search
K

7 matches found

SUSE CVE
SUSE CVE
added 2026/02/07 12:25 a.m.4 views

SUSE CVE-2026-22822

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the getSecretKey template function, while introduced for senhasegura Devops Secrets Management DSM provider, ha...

9.3CVSS5.3AI score0.00175EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/21 9:22 p.m.4 views

CVE-2026-22822

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the getSecretKey template function, while introduced for senhasegura Devops Secrets Management DSM provider, ha...

9.3CVSS5.3AI score0.00175EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/21 9:22 p.m.2 views

CVE-2026-22822 External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the getSecretKey template function, while introduced for senhasegura Devops Secrets Management DSM provider, ha...

9.3CVSS5.5AI score0.00175EPSS
Exploits0References5
OSV
OSV
added 2026/01/21 9:22 p.m.10 views

CVE-2026-22822 External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the getSecretKey template function, while introduced for senhasegura Devops Secrets Management DSM provider, ha...

9.3CVSS5.5AI score0.00175EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/10 10:23 p.m.4 views

EUVD-2025-33793

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

8.7CVSS6.3AI score0.00278EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/04/24 12:0 a.m.10 views

Identity Control Plane: the Unifying Layer for Zero Trust Infrastructure

This paper introduces the Identity Control Plane ICP, an architectural framework for enforcing identity-aware Zero Trust access across human users, workloads, and automation systems. The ICP model unifies SPIFFE-based workload identity, OIDC/SAML user identity, and scoped automation credentials v...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/20 12:0 a.m.5 views

Intent-Aware Authorization for Zero Trust CI/CD

This paper introduces intent-aware authorization for Zero Trust CI/CD systems. Identity establishes who is making the request, but additional signals are required to decide whether access should be granted. We describe a control loop architecture where policy engines such as OPA and Cedar evaluat...

6.9AI score
Exploits0
Rows per page
Query Builder