id: GO-2024-3109
modules:
- module: github.com/metal3-io/baremetal-operator
  versions:
  - fixed: 0.5.2
  - introduced: 0.6.0
  - fixed: 0.6.2
  - introduced: 0.7.0-rc.0
  - fixed: 0.8.0
  vulnerable_at: 0.8.0-rc.0
summary: |-
  The Bare Metal Operator (BMO) can expose particularly named secrets from other
  namespaces via BMH CRD in github.com/metal3-io/baremetal-operator
cves:
- CVE-2024-43803
ghsas:
- GHSA-pqfh-xh7w-7h3p
references:
- advisory: https://github.com/metal3-io/baremetal-operator/security/advisories/GHSA-pqfh-xh7w-7h3p
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-43803
- fix: https://github.com/metal3-io/baremetal-operator/commit/3af4882e9c5fadc1a7550f53daea21dccd271f74
- fix: https://github.com/metal3-io/baremetal-operator/commit/bedae7b997d16f36e772806681569bb8eb4dadbb
- fix: https://github.com/metal3-io/baremetal-operator/commit/c2b5a557641bc273367635124047d6c958aa15f7
- fix: https://github.com/metal3-io/baremetal-operator/pull/1929
- fix: https://github.com/metal3-io/baremetal-operator/pull/1930
- fix: https://github.com/metal3-io/baremetal-operator/pull/1931
source:
  id: GHSA-pqfh-xh7w-7h3p
  created: 2024-12-20T10:04:02.95551-10:00
review_status: UNREVIEWED