GHSA-465p-v42x-3fmj

Suggest an improvement
Source
https://github.com/advisories/GHSA-465p-v42x-3fmj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-465p-v42x-3fmj/GHSA-465p-v42x-3fmj.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-465p-v42x-3fmj
Aliases
Published
2026-02-26T22:49:14Z
Modified
2026-02-26T23:56:09.965675Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations
Details

This report shows a scope-widening issue in the rotate (re-encrypt) flow: the output scope can be derived from untrusted spec.template.metadata.annotations on the input sealed secret.

If a victim sealed secret is strict- or namespace-scoped, an attacker who can submit it to the rotate endpoint can set sealedsecrets.bitnami.com/cluster-wide=true in the template metadata and receive a rotated sealed secret that is cluster-wide, enabling retargeting (metadata.name/metadata.namespace) and unsealing to recover the victim plaintext.

Relevant Links (Pinned)

  • Rotate handler uses NewSealedSecret(..., secret) after unsealing: https://github.com/bitnami-labs/sealed-secrets/blob/946bc048f3407117c837da6e4300686522d4c4eb/pkg/controller/controller.go#L560-L606
  • Scope derivation reads secret annotations (SecretScope): https://github.com/bitnami-labs/sealed-secrets/blob/946bc048f3407117c837da6e4300686522d4c4eb/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go#L112-L122

Root Cause

The rotate flow unseals the input sealed secret to a Secret, then reseals using NewSealedSecret(..., secret).

Because SecretScope(secret) is computed from secret annotations, and unsealing applies spec.template metadata onto the unsealed secret, an attacker can influence the scope of the rotated output by mutating template annotations on the rotate input.

Attack Path

  1. Attacker obtains a victim SealedSecret object (for example via read access to resources or logs) and can submit it to the controller rotate endpoint.
  2. Attacker sets spec.template.metadata.annotations.sealedsecrets.bitnami.com/cluster-wide=true (and optionally retargets name/namespace fields).
  3. Rotate returns a resealed, cluster-wide sealed secret that is no longer bound to the victim name/namespace.
  4. Attacker unseals the rotated output in their chosen namespace/name to recover the victim plaintext.

Proof of Concept

Setup + run:

unzip poc.zip -d poc
cd poc
make test

Canonical output (excerpt):

[CALLSITE_HIT]: pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go:112 SecretScope
[PROOF_MARKER]: scope_widened=true rotated_scope=cluster-wide

Control output (excerpt):

[NC_MARKER]: scope_widened=false strict_scope_preserved=true

Fix Accepted When

Rotate preserves the original sealing scope and does not allow scope widening based on untrusted template metadata; strict or namespace-wide inputs cannot produce cluster-wide outputs.

poc.zip PRDESCRIPTION.md attackscenario.md

Database specific 
{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-284"
    ],
    "github_reviewed_at": "2026-02-26T22:49:14Z",
    "nvd_published_at": "2026-02-26T02:16:20Z",
    "severity": "MODERATE"
}
References

Affected packages

Go / github.com/bitnami-labs/sealed-secrets

Package

Name
github.com/bitnami-labs/sealed-secrets
View open source insights on deps.dev
Purl
pkg:golang/github.com/bitnami-labs/sealed-secrets

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.36.0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-465p-v42x-3fmj/GHSA-465p-v42x-3fmj.json"