Insecure Storage of Sensitive Information Affecting github.com/openshift/hive/apis/hive package, versions >=0.0.0
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-GOLANG-GITHUBCOMOPENSHIFTHIVEAPISHIVE-9485540
- published19 Mar 2025
- disclosed17 Mar 2025
- creditUnknown
Introduced: 17 Mar 2025
NewCVE-2025-2241 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
There is no fixed version for github.com/openshift/hive/apis/hive.
Overview
Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information where vCenter credentials are stored in plaintext within the ClusterProvision object after provisioning a vSphere cluster. Users with read access to ClusterProvision objects can extract these sensitive credentials, even if they lack direct access to Kubernetes Secrets.