BIT-sealed-secrets-2026-22728

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/sealed-secrets/BIT-sealed-secrets-2026-22728.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-sealed-secrets-2026-22728

Aliases

CVE-2026-22728
GHSA-465p-v42x-3fmj

Published

2026-02-26T09:30:00Z

Modified

2026-02-26T23:56:09.965675Z

Summary

Bitnami Sealed Secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations

Details

Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation (/v1/rotate) flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim SealedSecret to the rotate endpoint with the annotation sealedsecrets.bitnami.com/cluster-wide=true injected into the template metadata, a remote attacker can obtain a rotated version of the secret that is cluster-wide. This bypasses original "strict" or "namespace-wide" constraints, allowing the attacker to retarget and unseal the secret in any namespace or under any name to recover the plaintext credentials.

Database specific

{
    "cpes": [
        "cpe:2.3:*:sealed-secrets:sealed-secrets:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / sealed-secrets

Package

Name: sealed-secrets
Purl: pkg:bitnami/sealed-secrets

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.36.0

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/sealed-secrets/BIT-sealed-secrets-2026-22728.json"