
AIKIDO-2025-10333

github.com/fluxcd/kustomize-controller is vulnerable to Insertion of Sensitive Information into Log File

Insertion of Sensitive Information into Log File Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.


Low Risk

This Affects:

Go: github.com/fluxcd/kustomize-controller
0.2.0 - 1.5.0
Fixed in 1.5.1

TL;DR

Affected versions of this package are vulnerable to the exposure of sensitive data in logs due to improper handling of decryption in the Kustomize controller. The issue occurs when a secret resource is initially set to an empty string in the base layer and later updated with actual secret data in an overlay. As a result, the controller mistakenly decrypts and logs the secret value. If the controller's logs are exposed publicly or kept in a system with weaker access controls, an attacker could potentially gain access to the sensitive data.
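The following Go example is added here to illustrate the log-exposure pattern the advisory describes and the defensive counterpart; it is not code from kustomize-controller. It models a base Secret whose key is an empty string, layers an overlay with the real value over it, then contrasts an error path that serialises the whole object into the log with one that redacts data values first, plus a `Leaks` check that can be run over captured log output. The `Secret` type, the overlay merge and the sample value are constructed for this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Secret is a constructed stand-in for a Kubernetes Secret, not a controller type.
type Secret struct {
	Name string            `json:"name"`
	Data map[string]string `json:"data,omitempty"`
}

// ApplyOverlay layers overlay keys over base, mirroring the advisory's trigger:
// the base declares a key with an empty value and the overlay fills it in.
func ApplyOverlay(base, overlay Secret) Secret {
	out := Secret{Name: base.Name, Data: map[string]string{}}
	for _, layer := range []map[string]string{base.Data, overlay.Data} {
		for k, v := range layer {
			out.Data[k] = v // later layers win, as an overlay does
		}
	}
	return out
}

// UnsafeLogLine is the CWE-532 pattern: the whole object, values included, goes into the message.
func UnsafeLogLine(msg string, s Secret) string {
	b, _ := json.Marshal(s)
	return fmt.Sprintf("%s: object=%s", msg, b)
}

// SafeLogLine logs the same event with every data value replaced by a placeholder.
func SafeLogLine(msg string, s Secret) string {
	r := Secret{Name: s.Name, Data: map[string]string{}}
	for k := range s.Data {
		r.Data[k] = "[REDACTED]"
	}
	return UnsafeLogLine(msg, r)
}

// Leaks reports whether any non-empty secret value appears verbatim in line.
func Leaks(line string, s Secret) bool {
	for _, v := range s.Data {
		if v != "" && strings.Contains(line, v) {
			return true
		}
	}
	return false
}
```

Running `Leaks` over a controller's captured logs with the Secrets it reconciled is a practical way to confirm whether an affected deployment actually emitted values before the upgrade, which decides whether those secrets need rotating.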

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

github.com/fluxcd/kustomize-controller is vulnerable to Insertion of Sensitive Information into Log File in versions 0.2.0 - 1.5.0.

How to fix this

Upgrade the github.com/fluxcd/kustomize-controller library to the patched version (1.5.1 or later).