Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
External Secrets Operator has DNS exfiltration via getHostByName in its v2 template engine
Vulnerability Description
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap() but leaves the getHostByName function accessible to user-controlled templates. Since ESO executes templates within the controller process, an attacker who can create or update templated ExternalSecret resources can invoke controller-side DNS lookups using secret-derived values. This creates a DNS exfiltration primitive, allowing fetched secret material to be leaked via DNS queries without requiring direct outbound network access from the attacker's workload. The impact is a confidentiality issue, particularly in environments where untrusted or lower-trust users can author templated ExternalSecret resources and the controller has DNS resolution capability. This issue has been fixed in version 2.3.0.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
External Secrets 信息泄露漏洞
Vulnerability Description
External Secrets是External Secrets开源的一个 Kubernetes 相关应用程序。 External Secrets 2.2.0及之前版本存在信息泄露漏洞,该漏洞源于v2模板引擎未移除getHostByName函数,可能导致通过DNS查询泄露机密信息。
CVSS Information
N/A
Vulnerability Type
N/A