CNNVD-202510-1395 Information

CNNVD ID

CNNVD-202510-1395

Related CVE

CVE-2025-62159

• CNNVD Published: 2025-10-10

Description (Chinese)

External Secrets是External Secrets开源的一个 Kubernetes 相关应用程序。 External Secrets 0.10.1版本至0.19.2版本存在访问控制错误漏洞，该漏洞源于未验证命名空间上下文或密钥存储类型，可能导致未经授权的跨命名空间密钥访问。

Description (English)

External Securitys is a Kubernetes-related application of the Extranal Securitys Open Source. There is an access control error loophole from Extranal Security Versions 0.10.1 to 0.19.2, which stems from unverified naming space context or key storage type, which may lead to unauthorized cross-naming space access.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

External Secrets

Published

2025-10-10

Last Modified

2026-02-24

References

https://github.com/external-secrets/external-secrets/security/advisories/GHSA-vf79-2pjx-phpp https://access.redhat.com/security/cve/cve-2025-62159

Patch

https://external-secrets.io/latest/