CVE-2026-39961

EUVD-2026-20965 | MEDIUM
2026-04-09 | GitHub_M | GHSA-99j8-wv67-4c72
CVSS 3.1: 6.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline (4 events)

Patch Released: Apr 10, 2026 - 20:30 (nvd) - patch available
EUVD ID Assigned: Apr 09, 2026 - 17:45 (euvd) - EUVD-2026-20965
Analysis Generated: Apr 09, 2026 - 17:45 (vuln.today)
CVE Published: Apr 09, 2026 - 17:14 (nvd) - MEDIUM 6.8

Description

Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace - production database credentials, API keys, service tokens - with a single kubectl apply. The operator reads the victim's secret using its ClusterRole and writes the password into a new secret in the attacker's namespace. The operator acts as a confused deputy: its ServiceAccount has cluster-wide secret read/write (aiven-operator-role ClusterRole), and it trusts user-supplied namespace values in spec.connInfoSecretSource.namespace without validation. No admission webhook enforces this boundary - the ServiceUser webhook returns nil, and no ClickhouseUser webhook exists. This vulnerability is fixed in 0.37.0.

Analysis

Aiven Operator versions 0.31.0 through 0.36.x allow developers with ClickhouseUser CRD creation permissions in their own namespace to exfiltrate secrets from arbitrary namespaces by exploiting a confused deputy vulnerability in the operator's ClusterRole. An attacker can craft a malicious ClickhouseUser resource that causes the operator to read privileged credentials (database passwords, API keys, service tokens) from production namespaces and write them into the attacker's namespace with a single kubectl apply command. …
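The Description and Analysis above both come down to one missing check: the operator's ServiceAccount can read secrets cluster-wide, and nothing verified that spec.connInfoSecretSource.namespace matched the namespace of the ClickhouseUser object itself. The following Go program is an added illustration of that boundary check as an admission-style validator; it is not the Aiven Operator's own code, and the ClickhouseUserManifest, SecretRef and ObjectMeta types, the AdmitRawObject function and the sample manifests are constructed for this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// ObjectMeta and SecretRef are hypothetical, minimal stand-ins for the fields
// that matter here; they are not the operator's real Go types.
type ObjectMeta struct {
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

type SecretRef struct {
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

// ClickhouseUserManifest models only metadata and spec.connInfoSecretSource.
type ClickhouseUserManifest struct {
	Metadata ObjectMeta `json:"metadata"`
	Spec     struct {
		ConnInfoSecretSource *SecretRef `json:"connInfoSecretSource"`
	} `json:"spec"`
}

// ErrCrossNamespaceSecret is returned when the object asks the operator to read
// a secret that lives outside the object's own namespace.
var ErrCrossNamespaceSecret = errors.New("connInfoSecretSource.namespace must match the object's own namespace")

// ValidateSecretSourceNamespace is the boundary check the advisory describes as
// missing. Because the operator's ClusterRole can read any secret, the only thing
// that stops a tenant from using it as a deputy is refusing references to other
// namespaces. An empty namespace is treated as "same namespace", never as a wildcard.
func ValidateSecretSourceNamespace(m ClickhouseUserManifest) error {
	src := m.Spec.ConnInfoSecretSource
	if src == nil || src.Name == "" {
		return nil // nothing to read, nothing to guard
	}
	if src.Namespace == "" || src.Namespace == m.Metadata.Namespace {
		return nil
	}
	return fmt.Errorf("%w: object in %q references secret %q in %q",
		ErrCrossNamespaceSecret, m.Metadata.Namespace, src.Name, src.Namespace)
}

// AdmitRawObject decodes the raw JSON a validating webhook receives in
// AdmissionReview.request.object and applies the check. Returns (allowed, reason).
// Malformed input is denied rather than passed through.
func AdmitRawObject(raw []byte) (bool, string) {
	var m ClickhouseUserManifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return false, "malformed object: " + err.Error()
	}
	if err := ValidateSecretSourceNamespace(m); err != nil {
		return false, err.Error()
	}
	return true, "ok"
}

func main() {
	// Constructed samples: a ClickhouseUser in "team-a" pointing at a secret in
	// "prod" (must be denied) and one pointing at its own namespace (allowed).
	crossNS := []byte(`{"metadata":{"name":"reader","namespace":"team-a"},
	  "spec":{"connInfoSecretSource":{"name":"db-admin","namespace":"prod"}}}`)
	sameNS := []byte(`{"metadata":{"name":"reader","namespace":"team-a"},
	  "spec":{"connInfoSecretSource":{"name":"db-admin","namespace":"team-a"}}}`)
	for _, raw := range [][]byte{crossNS, sameNS} {
		ok, reason := AdmitRawObject(raw)
		fmt.Printf("allowed=%v: %s\n", ok, reason)
	}
}
```

The same check belongs in the reconciler as defence in depth: a webhook can be disabled or misconfigured, so the controller should re-validate the namespace before it ever calls the API server with its cluster-wide credentials. For detection, an audit-log rule that flags ClickhouseUser objects whose connInfoSecretSource.namespace differs from metadata.namespace covers the window before the fixed operator version is rolled out.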


Priority Score: 34 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +34
POC: 0
