CNNVD-202508-1473 Information

Aug 13, 2025 cve

CNNVD ID

CNNVD-202508-1473

CVE-2025-55196

  • CNNVD Published: 2025-08-13

Description (Chinese)

External Secrets是External Secrets开源的一个 Kubernetes 相关应用程序。 External Secrets 0.15.0至0.19.2之前版本存在访问控制错误漏洞,该漏洞源于PushSecret控制器未应用命名空间选择器,可能导致跨集群读取敏感数据。

Description (English)

External Securitys is a Kubernetes-related application of the Extranal Securitys Open Source. Access control error holes existed in the pre-External Securitys 0.15.0 to 0.19.2 version, which stemmed from the failure of the PushSecret controller to apply a naming space selectioner, which could lead to cross-cluster reading of sensitive data.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

External Secrets

Published

2025-08-13

Last Modified

2026-02-24

References

https://github.com/external-secrets/external-secrets/commit/39cdba5863533007b582dc63dd300839326b2f1d https://github.com/external-secrets/external-secrets/commit/de40e8f4fa9559c1d770bb674589b285da5ef2d1 https://github.com/external-secrets/external-secrets/pull/5109 https://github.com/external-secrets/external-secrets/pull/5133 https://github.com/external-secrets/external-secrets/security/advisories/GHSA-fcxq-v2r3-cc8h

Patch

https://github.com/external-secrets/external-secrets/releases

Share on: