Search criteria

3 vulnerabilities by Bitnami

CVE-2026-47846 (GCVE-0-2026-47846)

Vulnerability from cvelistv5 – Published: 2026-06-18 18:39 – Updated: 2026-06-18 20:24
VLAI?
Summary
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassandra account in certain scenarios. This leaves the default cassandra:cassandra superuser active as an unintended access path. Affected versions — Container image: 4.0.x prior to 4.0.20-photon-5-r7; 4.1.x prior to 4.1.11-photon-5-r7; 5.0.x prior to 5.0.8-photon-5-r4 / 5.0.8-debian-12-r3.
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor Product Version
Bitnami bitnami/cassandra Affected: 4.0.0 , < 4.0.20-photon-5-r7 (custom)
Affected: 4.1.0 , < 4.1.11-photon-5-r7 (custom)
Affected: 5.0.0 , < 5.0.8-photon-5-r4 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47846",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-18T20:24:48.336664Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-18T20:24:56.024Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "bitnami/cassandra",
          "vendor": "Bitnami",
          "versions": [
            {
              "lessThan": "4.0.20-photon-5-r7",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.1.11-photon-5-r7",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.0.8-photon-5-r4",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassandra account in certain scenarios. This leaves the default cassandra:cassandra superuser active as an unintended access path.\n\nAffected versions \u2014 Container image: 4.0.x prior to 4.0.20-photon-5-r7; 4.1.x prior to 4.1.11-photon-5-r7; 5.0.x prior to 5.0.8-photon-5-r4 / 5.0.8-debian-12-r3."
            }
          ],
          "value": "Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassandra account in certain scenarios. This leaves the default cassandra:cassandra superuser active as an unintended access path.\n\nAffected versions \u2014 Container image: 4.0.x prior to 4.0.20-photon-5-r7; 4.1.x prior to 4.1.11-photon-5-r7; 5.0.x prior to 5.0.8-photon-5-r4 / 5.0.8-debian-12-r3."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Remote attackers with network access to the Cassandra CQL port can authenticate using the default cassandra:cassandra credentials to obtain full superuser privileges, allowing complete read and write access to all keyspaces and tables, including dropping keyspaces and altering cluster topology (High Confidentiality, Integrity, and Availability impact)."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798: Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-18T18:39:47.087Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://github.com/bitnami/containers/security/advisories/GHSA-8q3j-37vg-8fc2"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-47846",
    "datePublished": "2026-06-18T18:39:47.087Z",
    "dateReserved": "2026-05-20T10:00:53.146Z",
    "dateUpdated": "2026-06-18T20:24:56.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-47847 (GCVE-0-2026-47847)

Vulnerability from cvelistv5 – Published: 2026-06-18 18:37 – Updated: 2026-06-18 20:24
VLAI?
Summary
Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables defaulted to monitor and monitor respectively. This user is granted REPLICATION CLIENT privileges from any host ('%'). The Bitnami Helm chart for MariaDB Galera did not expose parameters to configure this user's credentials, resulting in all chart deployments using this publicly known credential by default. Affected versions — Container image: 10.6.x prior to 10.6.27-photon-5-r0; 10.11.x prior to 10.11.17-photon-5-r1; 11.4.x prior to 11.4.12-photon-5-r0; 11.8.x prior to 11.8.7-photon-5-r1; 12.3.x prior to 12.3.2-photon-5-r0 / 12.3.2-debian-12-r0. Helm chart: prior to 18.3.0.
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor Product Version
Bitnami bitnami/mariadb-galera Affected: 10.6.0 , < 10.6.27-photon-5-r0 (custom)
Affected: 10.11.0 , < 10.11.17-photon-5-r1 (custom)
Affected: 11.4.0 , < 11.4.12-photon-5-r0 (custom)
Affected: 11.8.0 , < 11.8.7-photon-5-r1 (custom)
Affected: 12.3.0 , < 12.3.2-photon-5-r0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47847",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-18T20:24:19.143214Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-18T20:24:27.928Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "bitnami/mariadb-galera",
          "vendor": "Bitnami",
          "versions": [
            {
              "lessThan": "10.6.27-photon-5-r0",
              "status": "affected",
              "version": "10.6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "10.11.17-photon-5-r1",
              "status": "affected",
              "version": "10.11.0",
              "versionType": "custom"
            },
            {
              "lessThan": "11.4.12-photon-5-r0",
              "status": "affected",
              "version": "11.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "11.8.7-photon-5-r1",
              "status": "affected",
              "version": "11.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "12.3.2-photon-5-r0",
              "status": "affected",
              "version": "12.3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "bitnami/mariadb-galera Helm chart",
          "vendor": "Bitnami",
          "versions": [
            {
              "lessThan": "18.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables defaulted to monitor and monitor respectively. This user is granted REPLICATION CLIENT privileges from any host (\u0027%\u0027). The Bitnami Helm chart for MariaDB Galera did not expose parameters to configure this user\u0027s credentials, resulting in all chart deployments using this publicly known credential by default.\n\nAffected versions \u2014 Container image: 10.6.x prior to 10.6.27-photon-5-r0; 10.11.x prior to 10.11.17-photon-5-r1; 11.4.x prior to 11.4.12-photon-5-r0; 11.8.x prior to 11.8.7-photon-5-r1; 12.3.x prior to 12.3.2-photon-5-r0 / 12.3.2-debian-12-r0. Helm chart: prior to 18.3.0."
            }
          ],
          "value": "Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables defaulted to monitor and monitor respectively. This user is granted REPLICATION CLIENT privileges from any host (\u0027%\u0027). The Bitnami Helm chart for MariaDB Galera did not expose parameters to configure this user\u0027s credentials, resulting in all chart deployments using this publicly known credential by default.\n\nAffected versions \u2014 Container image: 10.6.x prior to 10.6.27-photon-5-r0; 10.11.x prior to 10.11.17-photon-5-r1; 11.4.x prior to 11.4.12-photon-5-r0; 11.8.x prior to 11.8.7-photon-5-r1; 12.3.x prior to 12.3.2-photon-5-r0 / 12.3.2-debian-12-r0. Helm chart: prior to 18.3.0."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Remote attackers with network access to the MariaDB port can authenticate using the default monitor:monitor credentials to retrieve replication metadata such as primary host, port, binary log file, and log position (Low Confidentiality impact, no Integrity or Availability impact)."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798: Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-18T18:37:47.677Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://github.com/bitnami/containers/security/advisories/GHSA-xcv9-cg8m-3mf2"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-47847",
    "datePublished": "2026-06-18T18:37:47.677Z",
    "dateReserved": "2026-05-20T10:00:53.146Z",
    "dateUpdated": "2026-06-18T20:24:27.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22728 (GCVE-0-2026-22728)

Vulnerability from cvelistv5 – Published: 2026-02-26 00:50 – Updated: 2026-02-26 15:58
VLAI?
Title
sealed-secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations
Summary
Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation (/v1/rotate) flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim SealedSecret to the rotate endpoint with the annotation sealedsecrets.bitnami.com/cluster-wide=true injected into the template metadata, a remote attacker can obtain a rotated version of the secret that is cluster-wide. This bypasses original "strict" or "namespace-wide" constraints, allowing the attacker to retarget and unseal the secret in any namespace or under any name to recover the plaintext credentials.
CWE
Assigner
Impacted products
Vendor Product Version
Bitnami sealed-secrets Affected: 0.35.0 , < <0.36.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22728",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-26T15:58:00.603738Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:58:32.372Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "sealed-secrets",
          "vendor": "Bitnami",
          "versions": [
            {
              "lessThan": "\u003c0.36.0",
              "status": "affected",
              "version": "0.35.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003eBitnami \u003c/span\u003e\u003cb\u003eSealed Secrets\u003c/b\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003e\u0026nbsp;is vulnerable to a scope-widening attack during\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003ethe secret rotation (/v1/rotate) flow. The rotation handler derives the\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003esealing scope for the newly encrypted output from untrusted\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003espec.template.metadata.annotations present in the input SealedSecret.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003eBy submitting a victim SealedSecret to the rotate endpoint with the\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003eannotation sealedsecrets.bitnami.com/cluster-wide=true injected into the\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003etemplate metadata, a remote attacker can obtain a rotated version of the\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003esecret that is cluster-wide. This bypasses original \"strict\" or\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003e\"namespace-wide\" constraints, allowing the attacker to retarget and unseal\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003ethe secret in any namespace or under any name to recover the plaintext\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003ecredentials.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Bitnami Sealed Secrets\u00a0is vulnerable to a scope-widening attack during\nthe secret rotation (/v1/rotate) flow. The rotation handler derives the\nsealing scope for the newly encrypted output from untrusted\nspec.template.metadata.annotations present in the input SealedSecret.\nBy submitting a victim SealedSecret to the rotate endpoint with the\nannotation sealedsecrets.bitnami.com/cluster-wide=true injected into the\ntemplate metadata, a remote attacker can obtain a rotated version of the\nsecret that is cluster-wide. This bypasses original \"strict\" or\n\"namespace-wide\" constraints, allowing the attacker to retarget and unseal\nthe secret in any namespace or under any name to recover the plaintext\ncredentials."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-26T00:50:00.863Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://github.com/bitnami-labs/sealed-secrets/security/advisories/GHSA-465p-v42x-3fmj"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "sealed-secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-22728",
    "datePublished": "2026-02-26T00:50:00.863Z",
    "dateReserved": "2026-01-09T06:54:41.497Z",
    "dateUpdated": "2026-02-26T15:58:32.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}