RSS   Vulnerabilities for
'Vault provider for secrets store csi driver'
   RSS

2021-01-21
 
CVE-2020-8567

CWE-22
 

 
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.

 

 >>> Vendor: Hashicorp 15 Products
Sentinel
Vault
Vagrant vmware fusion
Vagrant
Terraform
Consul
Nomad
Packer
Terraform enterprise
Vault-ssh-helper
Go-slug
Vault provider for secrets store csi driver
Terraform provider
Vault-action
Go-getter


Copyright 2024, cxsecurity.com

 

Back to Top