CVE-2026-22728
Bitnami Sealed Secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations
描述
Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation (/v1/rotate) flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim SealedSecret to the rotate endpoint with the annotation sealedsecrets.bitnami.com/cluster-wide=true injected into the template metadata, a remote attacker can obtain a rotated version of the secret that is cluster-wide. This bypasses original "strict" or "namespace-wide" constraints, allowing the attacker to retarget and unseal the secret in any namespace or under any name to recover the plaintext credentials.
如何修補 CVE-2026-22728
要修補 CVE-2026-22728,請將受影響套件升級到下列已修補版本。
- —升級至 0.36.0 或更新版本
- —升級至 0.36.0 或更新版本
- —升級至 0.36.0 或更新版本
CVE-2026-22728 正在被利用嗎?
低 — EPSS 為 0.1%,目前沒有觀察到大規模利用活動。
受影響套件(3)
- from 0, < 0.36.0
- from 0, < 0.36.0
- from 0, < 0.36.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |