CNNVD-202512-627 Information

CNNVD ID

CNNVD-202512-627

CVE-2025-66623

  • CNNVD Published: 2025-12-05

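Description (translated from the Chinese)

Strimzi is an open-source program from Strimzi that allows Apache Kafka clusters to run on Kubernetes in various deployment configurations. Strimzi versions from 0.47.0 up to, but not including, 0.49.1 contain a security vulnerability. It stems from the creation of incorrect Kubernetes roles and may lead to access to all Kubernetes Secrets.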

Description (English)

Strimzi is an open-source program from Strimzi that runs Apache Kafka clusters on Kubernetes in various deployment configurations. Strimzi versions from 0.47.0 up to, but not including, 0.49.1 contain a security vulnerability: incorrect Kubernetes roles are created, which could lead to access to all Kubernetes Secrets.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Strimzi

Published

2025-12-05

Last Modified

2026-02-24

References

  • https://github.com/strimzi/strimzi-kafka-operator/commit/c8a14935e99c91eb0dd865431f46515da9f82ccc
  • https://github.com/strimzi/strimzi-kafka-operator/security/advisories/GHSA-xrhh-hx36-485q
  • https://access.redhat.com/security/cve/cve-2025-66623

Patch

https://github.com/strimzi/strimzi-kafka-operator/releases
