CVE-2026-22822
- EPSS 0.01%
- Veröffentlicht 21.01.2026 21:22:05
- Zuletzt bearbeitet 18.02.2026 15:29:01
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the `getSecretKey` template function, while introduced for senh...
CVE-2025-62159
- EPSS 0.09%
- Veröffentlicht 10.10.2025 22:23:19
- Zuletzt bearbeitet 14.10.2025 19:36:59
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1...
CVE-2025-55196
- EPSS 0.07%
- Veröffentlicht 13.08.2025 22:54:02
- Zuletzt bearbeitet 14.08.2025 13:11:53
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List() calls for Kubernetes Secret and SecretStore resources perform...
CVE-2024-45041
- EPSS 0.4%
- Veröffentlicht 09.09.2024 15:15:11
- Zuletzt bearbeitet 18.09.2024 17:31:53
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRol...
CVE-2024-36540
- EPSS 0.26%
- Veröffentlicht 24.07.2024 17:15:10
- Zuletzt bearbeitet 27.06.2025 16:50:19
Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.