CVE-2024-45041
Severity: HIGH 8.3
EPSS: 0.40%
External Secrets Operator vulnerable to privilege escalation in github.com/external-secrets/external-secrets
Published: 9/9/2024
Modified: 3/3/2026
Description
External Secrets Operator vulnerable to privilege escalation in github.com/external-secrets/external-secrets
Affected packages (2)
- Go/github.com/external-secrets/external-secrets: from 0, < 0.10.2
- Go/github.com/external-secrets/external-secrets: from 0, < 0.10.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 8.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H |
References (8)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-45041
- PATCH: https://github.com/external-secrets/external-secrets
- WEB: https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml#L27
- WEB: https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml#L49
- WEB: https://github.com/external-secrets/external-secrets/commit/0368b9806f660fa6bc52cbbf3c6ccdb27c58bb35
- WEB: https://github.com/external-secrets/external-secrets/commit/428a452fd2ad45935312f2c2c0d40bc37ce6e67c
- WEB: https://github.com/external-secrets/external-secrets/security/advisories/GHSA-qwgc-rr35-h4x9
- WEB: https://pkg.go.dev/vuln/GO-2024-3126