# github.com/metal3-io/baremetal-operator vulnerabilities
2 known vulnerabilities affecting github.com/metal3-io_baremetal-operator.
| Total CVEs | CISA KEV | Public exploits | Exploited in wild |
| --- | --- | --- | --- |
| 2 | 0 | 0 | 0 |

Severity breakdown: MEDIUM 2
## Vulnerabilities
## CVE-2024-43803 (MEDIUM, CVSS 4.9, CWE-200)

Affected versions: ≥ 0.7.0-rc.0, < 0.8.0; ≥ 0.6.0, < 0.6.2; +1 more. Published 2024-09-03.

The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via the BMH CRD.
### Impact
The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. The `BareMetalHost` (BMH) CRD allows the `userData`, `metaData`, and `networkData` for the provisioned host to be specified as links to Kubernetes Secret
## CVE-2023-30841 (MEDIUM, CWE-200)

Affected versions: ≥ 0, < 0.3.0. Published 2023-04-26.

Ironic and ironic-inspector may expose `.htpasswd` files as ConfigMaps.
### Impact
Ironic and ironic-inspector deployed within Baremetal Operator using the included `deploy.sh` store their `.htpasswd` files as ConfigMaps instead of Secrets. This makes the plain-text username and hashed password readable by anyone with cluster-wide read access to the management cluster, or with access to the management cluster's etcd storage.