GO-2024-3109
PUBLISHED
The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | metal3-io/baremetal-operator | 0, 0.6.0, 0.7.0-rc.0 |
Timeline
- Dec 20, 2024 CVE Published
- Mar 3, 2026 CVE Updated
- May 1, 2026 Security Advisory
References
- https://github.com/metal3-io/baremetal-operator/security/advisories/GHSA-pqfh-xh7w-7h3p advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-43803 advisory
- https://github.com/metal3-io/baremetal-operator/commit/3af4882e9c5fadc1a7550f53daea21dccd271f74 patch
- https://github.com/metal3-io/baremetal-operator/commit/bedae7b997d16f36e772806681569bb8eb4dadbb patch
- https://github.com/metal3-io/baremetal-operator/commit/c2b5a557641bc273367635124047d6c958aa15f7 patch
- https://github.com/metal3-io/baremetal-operator/pull/1929 patch
- https://github.com/metal3-io/baremetal-operator/pull/1930 patch
- https://github.com/metal3-io/baremetal-operator/pull/1931 patch