Description

Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs.

PUBLISHED Reserved 2025-07-11 | Published 2025-09-05 | Updated 2025-09-05 | Assigner kubernetes




MEDIUM: 6.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-532 Insertion of Sensitive Information into Log File

Product status

Default status
unaffected

Any version before 0.0.2
affected

0.0.2
unaffected

Credits

Reem Rotenberg reporter

Kas Dekel reporter

References

github.com/kubernetes/kubernetes/issues/133897 issue-tracking

groups.google.com/...ernetes-security-announce/c/NP7cQvQ1aGA mailing-list

cve.org (CVE-2025-7445)

nvd.nist.gov (CVE-2025-7445)
