| id: GO-2025-3698 |
| modules: |
| - module: github.com/gardener/gardener |
| versions: |
| - fixed: 1.116.4 |
| - introduced: 1.117.0 |
| - fixed: 1.117.5 |
| - introduced: 1.118.0 |
| - fixed: 1.118.2 |
| vulnerable_at: 1.118.1 |
| summary: |- |
| Gardener allows metadata injection for a project secret which can lead to |
| privilege escalation in github.com/gardener/gardener |
| cves: |
| - CVE-2025-47284 |
| ghsas: |
| - GHSA-9x73-87fh-54w9 |
| references: |
| - advisory: https://github.com/gardener/gardener/security/advisories/GHSA-9x73-87fh-54w9 |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-47284 |
| source: |
| id: GHSA-9x73-87fh-54w9 |
| created: 2025-05-20T12:58:56.466057-04:00 |
| review_status: UNREVIEWED |
