VYPR

External Secrets

by External Secrets

CVEs (8)

  • CVE-2025-62159 | High | Oct 10, 2025
    risk 0.57 | cvss | epss 0.00

    External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider…

  • CVE-2025-55196 | High | Aug 13, 2025
    risk 0.39 | cvss | epss 0.00

    External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List() calls for Kubernetes Secret and SecretStore resources performed by the PushSecret…

  • CVE-2026-34984 | Medium | Apr 14, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from…

  • CVE-2026-42875 | Medium | May 11, 2026
    risk 0.27 | cvss | epss 0.00

    External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when…

  • CVE-2026-42876 | Medium | May 11, 2026
    risk 0.25 | cvss 4.9 | epss 0.00

    External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will…

  • CVE-2026-22822 | Jan 21, 2026
    risk 0.00 | cvss | epss 0.00

    External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the `getSecretKey` template function, while introduced for senhasegura Devops Secrets…

  • CVE-2024-45041 | Sep 9, 2024
    risk 0.00 | cvss | epss 0.01

    External Secrets Operator is a Kubernetes operator that integrates external secret management systems. external-secrets has a deployment called default-external-secrets-cert-controller, which is bound to a ClusterRole of the same name. This ClusterRole has "get/list" verbs of…

  • CVE-2024-36540 | Jul 24, 2024
    risk 0.00 | cvss | epss 0.00

    Insecure permissions in external-secrets v0.9.16 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.