CVE-2026-39961: CWE-269: Improper Privilege Management in aiven aiven-operator
Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys, service tokens — with a single kubectl apply. The operator reads the victim's secret using its ClusterRole and writes the password into a new secret in the attacker's namespace. The operator acts as a confused deputy: its ServiceAccount has cluster-wide secret read/write (aiven-operator-role ClusterRole), and it trusts user-supplied namespace values in spec.connInfoSecretSource.namespace without validation. No admission webhook enforces this boundary — the ServiceUser webhook returns nil, and no ClickhouseUser webhook exists. This vulnerability is fixed in 0.37.0.
AI Analysis
Technical Summary
The aiven-operator for Kubernetes versions 0.31.0 up to but not including 0.37.0 contains a privilege escalation vulnerability (CWE-269) where a user with create permission on ClickhouseUser CRDs in their own namespace can leverage the operator's cluster-wide secret read/write ClusterRole to read secrets from any namespace. The operator trusts the namespace value in spec.connInfoSecretSource.namespace without validation, enabling it to read victim secrets and write them into the attacker's namespace. Lack of admission webhooks to enforce namespace boundaries contributes to this issue. The vulnerability is addressed in version 0.37.0.
Potential Impact
An attacker with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate sensitive secrets such as production database credentials, API keys, and service tokens from any namespace in the Kubernetes cluster. This can lead to unauthorized access to critical resources and data compromise. The vulnerability does not affect availability or integrity directly but results in a confidentiality breach.
Mitigation Recommendations
This vulnerability is fixed in aiven-operator version 0.37.0. Users should upgrade to version 0.37.0 or later to remediate this issue. Until upgraded, restrict create permissions on ClickhouseUser CRDs and monitor for unauthorized secret access. Patch status is not explicitly stated beyond the fix in 0.37.0; verify with vendor advisories for the latest remediation guidance.
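The boundary the advisory describes is simple to state: a ClickhouseUser may only reference a secret in the namespace it was created in, and the operator's cluster-wide ClusterRole must never be steered by a user-supplied namespace. The Go code below is an added illustration of that check, not the aiven-operator's own code or its 0.37.0 fix; the `clickhouseUser` and `connInfoSecretSource` types are hypothetical simplified stand-ins for the CRD, and the two sample objects are constructed. It shows the validating-webhook decision (reject cross-namespace references) and the read-side guard in the reconciler (always read from the resource's own namespace), which together close the confused-deputy path even if a webhook is missing or bypassed.

```go
package main

import (
	"errors"
	"fmt"
)

// connInfoSecretSource mirrors only the two fields relevant to this check.
// These types are a hypothetical, simplified stand-in for the CRD's Go types,
// not the aiven-operator's own definitions.
type connInfoSecretSource struct {
	Name      string
	Namespace string // empty means "the resource's own namespace"
}

type clickhouseUser struct {
	Name                 string
	Namespace            string
	ConnInfoSecretSource *connInfoSecretSource
}

var errCrossNamespaceSecret = errors.New("connInfoSecretSource.namespace must equal the resource namespace")

// validateSecretSourceNamespace is the boundary check a validating admission
// webhook would apply before the operator ever acts on the object: a
// ClickhouseUser may only point at a secret in the namespace it lives in.
// Because the operator reads with a cluster-wide ClusterRole, the tenant
// boundary has to be enforced here rather than by RBAC on the operator.
func validateSecretSourceNamespace(u clickhouseUser) error {
	src := u.ConnInfoSecretSource
	if src == nil {
		return nil // nothing referenced, nothing to confine
	}
	if src.Namespace != "" && src.Namespace != u.Namespace {
		return fmt.Errorf("%w: %s/%s references secret %s/%s",
			errCrossNamespaceSecret, u.Namespace, u.Name, src.Namespace, src.Name)
	}
	return nil
}

// effectiveSecretNamespace is the read-side guard for the reconciler: whatever
// the spec says, the secret is read from the resource's own namespace. Pairing
// this with the webhook check means a missed or bypassed webhook still cannot
// turn the operator into a cross-namespace secret reader.
func effectiveSecretNamespace(u clickhouseUser) string {
	return u.Namespace
}

// admissionVerdict models the allowed/denied outcome a validating webhook returns.
type admissionVerdict struct {
	Allowed bool
	Reason  string
}

func admit(u clickhouseUser) admissionVerdict {
	if err := validateSecretSourceNamespace(u); err != nil {
		return admissionVerdict{Allowed: false, Reason: err.Error()}
	}
	return admissionVerdict{Allowed: true}
}

func main() {
	// Constructed sample objects: one same-namespace reference, one crossing into "prod".
	same := clickhouseUser{Name: "app-user", Namespace: "team-a",
		ConnInfoSecretSource: &connInfoSecretSource{Name: "app-creds"}}
	cross := clickhouseUser{Name: "app-user", Namespace: "team-a",
		ConnInfoSecretSource: &connInfoSecretSource{Name: "db-creds", Namespace: "prod"}}
	for _, u := range []clickhouseUser{same, cross} {
		v := admit(u)
		fmt.Printf("%s/%s -> allowed=%v %s (reads from %q)\n",
			u.Namespace, u.Name, v.Allowed, v.Reason, effectiveSecretNamespace(u))
	}
}
```

Until the upgrade to 0.37.0 is done, the same rule can be approximated outside the operator: limit who may create ClickhouseUser objects, and alert on audit-log entries where the operator's ServiceAccount reads a Secret in a namespace that holds no Aiven custom resources.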
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-04-07T22:40:33.822Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69d843791cc7ad14da3fb693
Added to database: 4/10/2026, 12:25:29 AM
Last enriched: 4/10/2026, 12:36:53 AM
Last updated: 4/10/2026, 7:59:55 AM