—
GO-2026-5117
IPAM controller service account granted unnecessary full access to Secrets in github.com/metal3-io/ip-address-manager
Details
IPAM controller service account granted unnecessary full access to Secrets in github.com/metal3-io/ip-address-manager
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/metal3-io/ip-address-manager
Introduced in:
0 Fixed in: 1.11.7 Fix
go get github.com/metal3-io/ip-address-manager@v1.11.7 References
- https://github.com/metal3-io/ip-address-manager/security/advisories/GHSA-49pm-43hf-6xfq [ADVISORY]
- https://nvd.nist.gov/vuln/detail/CVE-2026-47190 [ADVISORY]
- https://github.com/metal3-io/ip-address-manager/pull/1355 [FIX]
- https://github.com/metal3-io/ip-address-manager/pull/1356 [FIX]
- https://github.com/metal3-io/ip-address-manager/pull/1357 [FIX]