GO-2025-3939 secrets-store-sync-controller discloses service account tokens in logs in sigs.k8s.io/secrets-store-sync-controller

secrets-store-sync-controller discloses service account tokens in logs in sigs.k8s.io/secrets-store-sync-controller...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the error handling for parameters marshalling. An attacker can obtain sensitive service account tokens sent to the providers by accessing log files containing these credentials...

CVE-2025-7445

Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs...

CVE-2025-7445 Kubernetes secrets-store-sync-controller discloses service account tokens in logs

Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs...

PT-2025-36631

Hello Kubernetes Community, A security issue was discovered in secrets-store-sync-controller where an actor with access to the controller logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vau...