CNNVD-202512-2391 Information

CNNVD ID

CNNVD-202512-2391

Related CVE

CVE-2025-67508

• CNNVD Published: 2025-12-12

Description (Chinese)

gardenctl-v2是Gardener开源的一个命令行客户端。 gardenctl-v2存在命令注入漏洞，该漏洞源于非POSIX shell环境下可伪造凭据值，可能导致凭证泄露。

Description (English)

Gardenctl-v2 is a command line client of the Gardenner Open Source. Gardenctl-v2 has an order to inject a loophole that results from the forgery of the certificate in a non-POSIX shell environment and could lead to the disclosure of the document.

Hazard Level

Medium

Vulnerability Type

命令注入

Affected Vendor

Gardener

Published

2025-12-12

Last Modified

2026-02-24

References

https://github.com/gardener/gardenctl-v2/security/advisories/GHSA-fw33-qpx7-rhx2

Patch

https://gardener.cloud/