KubernetesCVELIST:CVE-2020-8567CVE-2020-8567 Kubernetes Secrets Store CSI Driver plugin directory traversals
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L
0.001 Low
EPSS
Percentile
19.9%
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CNA Affected
[
{
"product": "Kubernetes Secrets Store CSI Driver",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "v0.0.6",
"status": "affected",
"version": "Vault Plugin",
"versionType": "custom"
},
{
"lessThan": "v0.0.10",
"status": "affected",
"version": "Azure Plugin",
"versionType": "custom"
},
{
"lessThan": "v0.2.0",
"status": "affected",
"version": "GCP Plugin",
"versionType": "custom"
}
]
}
]Related
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L
0.001 Low
EPSS
Percentile
19.9%