9 matches found
SUSE CVE-2025-55196
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...
CVE-2025-55196
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...
CVE-2025-55196
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...
CVE-2025-55196
External Secrets Operator (github.com/external-secrets/external-secrets) contains a vulnerability in versions 0.15.0–0.19.1 where PushSecret List() calls on Kubernetes Secret and SecretStore resources ignore namespace selectors. This allows an attacker who can create or update PushSecret resource...
CVE-2025-55196 External Secrets Operator Missing Namespace Restriction in PushSecret and SecretStore List() Calls Allows Unauthorized Secret Access
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...
External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access
Summary A vulnerability was discovered in the External Secrets Operator where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a namespace selector. This flaw allowed an attacker to use label selectors to list and read...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller, which does not apply a namespace selector. An attacker can access sensitive information from arbitrary...
GHSA-FCXQ-V2R3-CC8H External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access
Summary A vulnerability was discovered in the External Secrets Operator where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a namespace selector. This flaw allowed an attacker to use label selectors to list and read...
External Secrets 访问控制错误漏洞
External Secrets is a Kubernetes-related application from External Secrets open source. An access control error vulnerability exists in External Secrets versions prior to 0.15.0 through 0.19.2 that stems from the PushSecret controller not applying a namespace selector, which could lead to the...