{"id":"GO-2024-3109","summary":"The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator","details":"The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator","aliases":["CVE-2024-43803","GHSA-pqfh-xh7w-7h3p"],"modified":"2026-03-03T04:52:02.205791Z","published":"2024-12-20T20:36:43Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-3109","review_status":"UNREVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/metal3-io/baremetal-operator/security/advisories/GHSA-pqfh-xh7w-7h3p"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43803"},{"type":"FIX","url":"https://github.com/metal3-io/baremetal-operator/commit/3af4882e9c5fadc1a7550f53daea21dccd271f74"},{"type":"FIX","url":"https://github.com/metal3-io/baremetal-operator/commit/bedae7b997d16f36e772806681569bb8eb4dadbb"},{"type":"FIX","url":"https://github.com/metal3-io/baremetal-operator/commit/c2b5a557641bc273367635124047d6c958aa15f7"},{"type":"FIX","url":"https://github.com/metal3-io/baremetal-operator/pull/1929"},{"type":"FIX","url":"https://github.com/metal3-io/baremetal-operator/pull/1930"},{"type":"FIX","url":"https://github.com/metal3-io/baremetal-operator/pull/1931"}],"affected":[{"package":{"name":"github.com/metal3-io/baremetal-operator","ecosystem":"Go","purl":"pkg:golang/github.com/metal3-io/baremetal-operator"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.5.2"},{"introduced":"0.6.0"},{"fixed":"0.6.2"},{"introduced":"0.7.0-rc.0"},{"fixed":"0.8.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-3109.json"}}],"schema_version":"1.7.3"}