RSS   Vulnerabilities for 'Secrets store csi driver'   RSS

2021-01-21
 
CVE-2020-8568

CWE-22
 

 
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.

 

 >>> Vendor: Kubernetes 12 Products
JAVA
Kubernetes
Minikube
Kube-state-metrics
Cri-o
External-provisioner
External-resizer
External-snapshotter
Nginx ingress controller
Ingress-nginx
Secrets store csi driver
Aws-iam-authenticator


Copyright 2024, cxsecurity.com

 

Back to Top