CNNVD-202601-3343 Information

CNNVD ID

CNNVD-202601-3343

CVE-2026-22822

  • CNNVD Published: 2026-01-21

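Description (Chinese, translated)

External Secrets is a Kubernetes-related application open-sourced by External Secrets. External Secrets versions from 0.20.2 up to, but not including, 1.2.0 contain a security vulnerability. It stems from the getSecretKey template function being able to fetch secrets across namespaces and bypass security mechanisms, which may lead to privilege escalation.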

Description (English)

External Secrets is a Kubernetes-related application open-sourced by External Secrets. Versions of External Secrets from 0.20.2 up to, but not including, 1.2.0 contain a security vulnerability: the getSecretKey template function can fetch secrets across namespaces and bypass security mechanisms, which may lead to privilege escalation.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

External Secrets

Published

2026-01-21

Last Modified

2026-02-24

References

  • https://github.com/external-secrets/external-secrets/commit/17d3e22b8d3fbe339faf8515a95ec06ec92b1feb
  • https://github.com/external-secrets/external-secrets/issues/5690
  • https://github.com/external-secrets/external-secrets/pull/3895
  • https://github.com/external-secrets/external-secrets/releases/tag/v1.2.0
  • https://github.com/external-secrets/external-secrets/security/advisories/GHSA-77v3-r3jw-j2v2

Patch

https://github.com/external-secrets/external-secrets/releases
