Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threats Tagged 'ghsa-398h-7f66-3h4p'

View all threats tagged with 'ghsa-398h-7f66-3h4p'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (1):Tag: ghsa-398h-7f66-3h4p

Threats Tagged 'ghsa-398h-7f66-3h4p'

Click on any threat for detailed analysis and mitigation recommendations

GHSA-398h-7f66-3h4p: open-feature-operator: Cross-namespace FeatureFlagSource and InProcessConfiguration resolution exposes spec contents on multi-tenant clustersCVE-2026-54495
0

The open-feature-operator allows cross-namespace referencing of FeatureFlagSource and InProcessConfiguration resources via a documented annotation syntax. On multi-tenant Kubernetes clusters that treat namespaces as trust boundaries, this can lead to tenant-to-tenant disclosure of sensitive spec contents such as inline environment variables, bearer tokens, and sync URIs. This behavior is intentional and documented, with the operator having cluster-wide RBAC scope. The vulnerability does not affect single-tenant clusters. Mitigations include avoiding plaintext secrets in CR spec fields and restricting create permissions via RBAC. A future release plans to remove implicit cross-namespace resolution by introducing cluster-scoped CRDs.

Join the discussion

Showing 1 to 1 of 1 result

Filters:Tag: ghsa-398h-7f66-3h4p
Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses