Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
Kubernetes

Kubernetes Secrets Store CSI Driver

5 Versions 2 CVEs

Versions

Azure Plugin

OTHER 1 CVE

Kubernetes Secrets Store CSI Driver v0.0.15

OTHER 1 CVE

Vault Plugin

OTHER 1 CVE

Kubernetes Secrets Store CSI Driver v0.0.16

OTHER 1 CVE

GCP Plugin

OTHER 1 CVE

Recent CVEs

CVE-2020-8568

Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.

MEDIUM Jan 21, 2021

CVE-2020-8567

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.

MEDIUM Jan 21, 2021