—
GO-2026-5283
Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource in github.com/aiven/aiven-operator
Details
Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource in github.com/aiven/aiven-operator
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/aiven/aiven-operator
Introduced in:
0.31.0 Fixed in: 0.37.0 Fix
go get github.com/aiven/aiven-operator@v0.37.0 References
- https://github.com/aiven/aiven-operator/security/advisories/GHSA-99j8-wv67-4c72 [ADVISORY]
- https://nvd.nist.gov/vuln/detail/CVE-2026-39961 [ADVISORY]
- https://github.com/aiven/aiven-operator/commit/032c9ba63257fdd2fddfb7f73f71830e371ff182 [FIX]
- https://github.com/aiven/aiven-operator/releases/tag/v0.37.0 [WEB]