github.com/fluxcd/kustomize-controller is vulnerable to privilege escalation. Users with privilege to create Kubernetes Secrets, Service Accounts and Flux Kustomization objects is allowed to use kustomize-controller to execute shell commands on the container OS via embedding a shell script in a Kubernetes Secret.