CVE-2024-45041: External Secrets Operator vulnerable to privilege escalation
(updated )
Privilege escalation
References
- github.com/advisories/GHSA-qwgc-rr35-h4x9
- github.com/external-secrets/external-secrets
- github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml
- github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml
- github.com/external-secrets/external-secrets/commit/0368b9806f660fa6bc52cbbf3c6ccdb27c58bb35
- github.com/external-secrets/external-secrets/commit/428a452fd2ad45935312f2c2c0d40bc37ce6e67c
- github.com/external-secrets/external-secrets/security/advisories/GHSA-qwgc-rr35-h4x9
- nvd.nist.gov/vuln/detail/CVE-2024-45041
- pkg.go.dev/vuln/GO-2024-3126
Code Behaviors & Features
Detect and mitigate CVE-2024-45041 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →