2 matches found
CVE-2024-45041
CVE-2024-45041 affects the External Secrets Operator. A deployment named default-external-secrets-cert-controller is bound to a ClusterRole that grants Harper access: it can perform get/list on secrets resources and patch/update on validatingwebhookconfigurations. This RBAC configuration can be a...
CVE-2026-34984
Summary: External Secrets Operator (ESO) versions 2.2.0 and earlier are vulnerable due to the v2 template engine’s getHostByName exposure in runtime/template/v2/template.go. An attacker who can create or update templated ExternalSecret resources can trigger controller-side DNS lookups using secre...