GHSA-398h-7f66-3h4p: open-feature-operator: Cross-namespace FeatureFlagSource and InProcessConfiguration resolution exposes spec contents on multi-tenant clusters
The open-feature-operator allows cross-namespace referencing of FeatureFlagSource and InProcessConfiguration resources via a documented annotation syntax. On multi-tenant Kubernetes clusters that treat namespaces as trust boundaries, this can lead to tenant-to-tenant disclosure of sensitive spec contents such as inline environment variables, bearer tokens, and sync URIs. This behavior is intentional and documented, with the operator having cluster-wide RBAC scope. The vulnerability does not affect single-tenant clusters. Mitigations include avoiding plaintext secrets in CR spec fields and restricting create permissions via RBAC. A future release plans to remove implicit cross-namespace resolution by introducing cluster-scoped CRDs.
AI Analysis
Technical Summary
The open-feature-operator supports referencing namespaced FeatureFlagSource or InProcessConfiguration resources across namespaces using the documented {NAMESPACE}/{NAME} annotation syntax. The operator resolves these references cluster-wide and injects their spec contents (including env vars, flagd sidecar arguments like httpSyncBearerToken, sync URIs, and supporting ConfigMaps) into workloads. In multi-tenant clusters that use namespaces as trust boundaries, a tenant with permission to deploy controller-owned workloads in their namespace can cause the operator to read and disclose another tenant's FeatureFlagSource or InProcessConfiguration spec contents. This includes inline environment variable values and bearer tokens placed directly in the CR spec. The operator's cluster-wide RBAC scope and cross-namespace resolution are intentional and documented; namespace trust boundaries are not part of its current security model. The vulnerability does not allow cross-namespace disclosure of secretKeyRef or configMapKeyRef values, as those are resolved locally by the kubelet. The prerequisite for exploitation is create permission on workload controllers in the attacker's namespace, not on FeatureFlagSource resources. The advisory recommends treating FeatureFlagSource and InProcessConfiguration spec contents as readable by anyone with read access and avoiding plaintext secrets in these specs. A future breaking change will introduce explicit cluster-scoped CRDs and remove implicit cross-namespace resolution to address this architectural issue.
Potential Impact
On multi-tenant Kubernetes clusters that treat namespaces as trust boundaries, this vulnerability allows a tenant to disclose sensitive data from another tenant's FeatureFlagSource or InProcessConfiguration resource specs. This includes inline environment variable values, httpSyncBearerToken, and sync URIs embedded in the CR spec. Single-tenant clusters are not impacted. The vulnerability does not affect secretKeyRef or configMapKeyRef cross-namespace disclosure. There is no impact on integrity or availability, only confidentiality of spec data is affected.
Mitigation Recommendations
No official patch or fix is currently available. Users should treat FeatureFlagSource and InProcessConfiguration spec contents as readable by anyone with read access and avoid placing plaintext secrets in these spec fields. Use valueFrom.secretKeyRef for sensitive environment variables instead of inline values, as kubelet enforces same-namespace resolution for secrets. Restrict create permissions on featureflagsources and inprocessconfigurations via RBAC where feasible, especially in multi-tenant environments that treat namespaces as trust boundaries. Monitor the project's roadmap for upcoming breaking changes introducing cluster-scoped CRDs that will remove implicit cross-namespace resolution.
GHSA-398h-7f66-3h4p: open-feature-operator: Cross-namespace FeatureFlagSource and InProcessConfiguration resolution exposes spec contents on multi-tenant clusters
Description
The open-feature-operator allows cross-namespace referencing of FeatureFlagSource and InProcessConfiguration resources via a documented annotation syntax. On multi-tenant Kubernetes clusters that treat namespaces as trust boundaries, this can lead to tenant-to-tenant disclosure of sensitive spec contents such as inline environment variables, bearer tokens, and sync URIs. This behavior is intentional and documented, with the operator having cluster-wide RBAC scope. The vulnerability does not affect single-tenant clusters. Mitigations include avoiding plaintext secrets in CR spec fields and restricting create permissions via RBAC. A future release plans to remove implicit cross-namespace resolution by introducing cluster-scoped CRDs.
CVSS v3.1
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The open-feature-operator supports referencing namespaced FeatureFlagSource or InProcessConfiguration resources across namespaces using the documented {NAMESPACE}/{NAME} annotation syntax. The operator resolves these references cluster-wide and injects their spec contents (including env vars, flagd sidecar arguments like httpSyncBearerToken, sync URIs, and supporting ConfigMaps) into workloads. In multi-tenant clusters that use namespaces as trust boundaries, a tenant with permission to deploy controller-owned workloads in their namespace can cause the operator to read and disclose another tenant's FeatureFlagSource or InProcessConfiguration spec contents. This includes inline environment variable values and bearer tokens placed directly in the CR spec. The operator's cluster-wide RBAC scope and cross-namespace resolution are intentional and documented; namespace trust boundaries are not part of its current security model. The vulnerability does not allow cross-namespace disclosure of secretKeyRef or configMapKeyRef values, as those are resolved locally by the kubelet. The prerequisite for exploitation is create permission on workload controllers in the attacker's namespace, not on FeatureFlagSource resources. The advisory recommends treating FeatureFlagSource and InProcessConfiguration spec contents as readable by anyone with read access and avoiding plaintext secrets in these specs. A future breaking change will introduce explicit cluster-scoped CRDs and remove implicit cross-namespace resolution to address this architectural issue.
Potential Impact
On multi-tenant Kubernetes clusters that treat namespaces as trust boundaries, this vulnerability allows a tenant to disclose sensitive data from another tenant's FeatureFlagSource or InProcessConfiguration resource specs. This includes inline environment variable values, httpSyncBearerToken, and sync URIs embedded in the CR spec. Single-tenant clusters are not impacted. The vulnerability does not affect secretKeyRef or configMapKeyRef cross-namespace disclosure. There is no impact on integrity or availability, only confidentiality of spec data is affected.
Mitigation Recommendations
No official patch or fix is currently available. Users should treat FeatureFlagSource and InProcessConfiguration spec contents as readable by anyone with read access and avoid placing plaintext secrets in these spec fields. Use valueFrom.secretKeyRef for sensitive environment variables instead of inline values, as kubelet enforces same-namespace resolution for secrets. Restrict create permissions on featureflagsources and inprocessconfigurations via RBAC where feasible, especially in multi-tenant environments that treat namespaces as trust boundaries. Monitor the project's roadmap for upcoming breaking changes introducing cluster-scoped CRDs that will remove implicit cross-namespace resolution.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-398h-7f66-3h4p
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-54495"]
- Ecosystems
- ["Go"]
- Database Specific Severity
- MODERATE
- Cvss Version
- 3.1
Threat ID: 6a58b40468715ace43d67079
Added to database: 07/16/2026, 10:35:48 UTC
Last enriched: 07/16/2026, 10:49:10 UTC
Last updated: 07/17/2026, 03:34:54 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.