—
GO-2026-5615
CAPM3 vulnerable to Cross-Namespace resource access in github.com/metal3-io/cluster-api-provider-metal3
Details
CAPM3 vulnerable to Cross-Namespace resource access in github.com/metal3-io/cluster-api-provider-metal3
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/metal3-io/cluster-api-provider-metal3
Introduced in:
0 Fixed in: 1.11.8 Fix
go get github.com/metal3-io/cluster-api-provider-metal3@v1.11.8 References
- https://github.com/metal3-io/cluster-api-provider-metal3/security/advisories/GHSA-rf84-wr5g-m3rp [ADVISORY]
- https://github.com/metal3-io/cluster-api-provider-metal3/pull/3288 [FIX]
- https://github.com/metal3-io/cluster-api-provider-metal3/pull/3294 [FIX]
- https://github.com/metal3-io/cluster-api-provider-metal3/pull/3317 [FIX]
- https://github.com/metal3-io/cluster-api-provider-metal3/pull/3319 [FIX]
- https://github.com/metal3-io/cluster-api-provider-metal3/pull/3322 [FIX]
- https://github.com/metal3-io/cluster-api-provider-metal3/pull/3323 [FIX]
- https://github.com/metal3-io/cluster-api-provider-metal3/pull/3325 [FIX]
- https://github.com/metal3-io/cluster-api-provider-metal3/pull/3327 [FIX]
- https://github.com/metal3-io/cluster-api-provider-metal3/pull/3343 [FIX]
- https://github.com/metal3-io/cluster-api-provider-metal3/pull/3344 [FIX]