{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-47282", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-05-05T16:53:10.373Z", "datePublished": "2025-05-19T17:53:28.412Z", "dateUpdated": "2025-05-20T13:10:56.740Z"}, "containers": {"cna": {"title": "Malicious google credential in DNS secret can lead to privilege escalation", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}], "references": [{"name": "https://github.com/gardener/external-dns-management/security/advisories/GHSA-xwgg-m7fx-83wx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gardener/external-dns-management/security/advisories/GHSA-xwgg-m7fx-83wx"}], "affected": [{"vendor": "gardener", "product": "external-dns-management", "versions": [{"version": "< 0.23.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-19T17:53:28.412Z"}, "descriptions": [{"lang": "en", "value": "Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. The affected component is `gardener/external-dns-management`. The `external-dns-management` component may also be deployed on the seeds by the `gardener/gardener-extension-shoot-dns-service` extension when the extension is enabled. In this case, all versions of the `shoot-dns-service` extension `<= v1.60.0` are affected by this vulnerability. Version 0.23.6 of Gardener External DNS Management fixes the issue."}], "source": {"advisory": "GHSA-xwgg-m7fx-83wx", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-20T13:10:51.006437Z", "id": "CVE-2025-47282", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-20T13:10:56.740Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-47282", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-05-05T16:53:10.373Z", "datePublished": "2025-05-19T17:53:28.412Z", "dateUpdated": "2025-05-20T13:10:56.740Z"}, "containers": {"cna": {"title": "Malicious google credential in DNS secret can lead to privilege escalation", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}], "references": [{"name": "https://github.com/gardener/external-dns-management/security/advisories/GHSA-xwgg-m7fx-83wx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gardener/external-dns-management/security/advisories/GHSA-xwgg-m7fx-83wx"}], "affected": [{"vendor": "gardener", "product": "external-dns-management", "versions": [{"version": "< 0.23.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-19T17:53:28.412Z"}, "descriptions": [{"lang": "en", "value": "Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. The affected component is `gardener/external-dns-management`. The `external-dns-management` component may also be deployed on the seeds by the `gardener/gardener-extension-shoot-dns-service` extension when the extension is enabled. In this case, all versions of the `shoot-dns-service` extension `<= v1.60.0` are affected by this vulnerability. Version 0.23.6 of Gardener External DNS Management fixes the issue."}], "source": {"advisory": "GHSA-xwgg-m7fx-83wx", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-47282", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-20T13:10:51.006437Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-20T13:10:53.917Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. The affected component is `gardener/external-dns-management`. The `external-dns-management` component may also be deployed on the seeds by the `gardener/gardener-extension-shoot-dns-service` extension when the extension is enabled. In this case, all versions of the `shoot-dns-service` extension `<= v1.60.0` are affected by this vulnerability. Version 0.23.6 of Gardener External DNS Management fixes the issue."}, {"lang": "es", "value": "Gardener External DNS Management es un entorno para administrar entradas DNS externas en un cl\u00faster de Kubernetes. Se descubri\u00f3 una vulnerabilidad de seguridad en la Administraci\u00f3n de DNS Externa de Gardener anterior a la versi\u00f3n 0.23.6 que podr\u00eda permitir que un usuario con privilegios administrativos para un proyecto de Gardener o para un cl\u00faster de brotes, incluyendo privilegios administrativos para un \u00fanico espacio de nombres del cl\u00faster de brotes, obtuviera control sobre el cl\u00faster de semillas donde se administra dicho cl\u00faster. Esta CVE afecta a todas las instalaciones de Gardener, independientemente del proveedor de nube p\u00fablica utilizado para los cl\u00fasteres de semillas/brotes. El componente afectado es `gardener/external-dns-management`. El componente `external-dns-management` tambi\u00e9n puede implementarse en las semillas mediante la extensi\u00f3n `gardener/gardener-extension-shoot-dns-service` cuando esta est\u00e1 habilitada. En este caso, todas las versiones de la extensi\u00f3n `shoot-dns-service` &lt;= v1.60.0` se ven afectadas por esta vulnerabilidad. La versi\u00f3n 0.23.6 de Gardener External DNS Management soluciona el problema."}], "id": "CVE-2025-47282", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-05-19T18:15:30.827", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/gardener/external-dns-management/security/advisories/GHSA-xwgg-m7fx-83wx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}