GO-2025-3697

See a problem?
Please try reporting it to the source first.
Source
https://pkg.go.dev/vuln/GO-2025-3697
Import Source
https://vuln.go.dev/ID/GO-2025-3697.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2025-3697
Aliases
Published
2025-05-23T15:17:19Z
Modified
2025-05-23T16:13:17.817202Z
Summary
Gardener External DNS Management allows malicious google credential in DNS secret to lead to privilege escalation in github.com/gardener/external-dns-management
Details

Gardener External DNS Management allows malicious google credential in DNS secret to lead to privilege escalation in github.com/gardener/external-dns-management

Database specific 
{
    "review_status": "UNREVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2025-3697"
}
References

Affected packages

Go / github.com/gardener/external-dns-management

Package

Name
github.com/gardener/external-dns-management
View open source insights on deps.dev
Purl
pkg:golang/github.com/gardener/external-dns-management

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.6

Go / github.com/gardener/gardener-extension-shoot-dns-service

Package

Name
github.com/gardener/gardener-extension-shoot-dns-service
View open source insights on deps.dev
Purl
pkg:golang/github.com/gardener/gardener-extension-shoot-dns-service

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected