CNNVD-202511-556 Information
CNNVD ID
CNNVD-202511-556
Related CVE
- CNNVD Published: 2025-11-06
Description (Chinese)
marin3r是Red Hat 3scale SRE开源的一个基于CRD的轻量级kubernetes控制面板。 marin3r 0.13.3及之前版本存在安全漏洞,该漏洞源于DiscoveryServiceCertificate存在跨命名空间秘密访问漏洞,可能导致绕过RBAC并访问未经授权的命名空间中的秘密。
Description (English)
Marin3r is a CD-based lightweight kubernetes control panel from the open source of Red Hat 3scale SRE. There is a security loophole in marin3r 0.13.3 and earlier versions, which stems from the existence of a secret access gap across named spaces, which could lead to circumventing RBAC and access to unauthorized naming spaces.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Red Hat 3scale SRE
Published
2025-11-06
Last Modified
2026-02-24
References
https://github.com/3scale-sre/marin3r/commit/859b14115fde1d67620e645cd1b62e90e30d9981 https://github.com/3scale-sre/marin3r/security/advisories/GHSA-gf93-xccm-5g6j https://access.redhat.com/security/cve/cve-2025-64171
Patch
https://github.com/3scale-sre/marin3r/releases
Share on: