| id: GO-2025-3885 |
| modules: |
| - module: github.com/external-secrets/external-secrets |
| versions: |
| - introduced: 0.15.0 |
| - fixed: 0.19.2 |
| vulnerable_at: 0.19.1 |
| summary: |- |
| External Secrets Operator's Missing Namespace Restriction Allows Unauthorized |
| Secret Access in github.com/external-secrets/external-secrets |
| cves: |
| - CVE-2025-55196 |
| ghsas: |
| - GHSA-fcxq-v2r3-cc8h |
| references: |
| - advisory: https://github.com/external-secrets/external-secrets/security/advisories/GHSA-fcxq-v2r3-cc8h |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-55196 |
| - fix: https://github.com/external-secrets/external-secrets/commit/39cdba5863533007b582dc63dd300839326b2f1d |
| - fix: https://github.com/external-secrets/external-secrets/commit/de40e8f4fa9559c1d770bb674589b285da5ef2d1 |
| - fix: https://github.com/external-secrets/external-secrets/pull/5109 |
| - fix: https://github.com/external-secrets/external-secrets/pull/5133 |
| source: |
| id: GHSA-fcxq-v2r3-cc8h |
| created: 2025-08-15T17:53:09.035700876Z |
| review_status: UNREVIEWED |
