EUVD-2022-0837

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 are vulnerable to file system modifications.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2020-8568	21 Jan 202120:28	–	circl
CNNVD	Kubernetes SIGs Secrets-store-csi-driver path traversal vulnerability	21 Jan 202100:00	–	cnnvd
CVE	CVE-2020-8568	21 Jan 202117:09	–	cve
Cvelist	CVE-2020-8568 Kubernetes Secrets Store CSI Driver sync/rotate directory traversal	21 Jan 202117:09	–	cvelist
Github Security Blog	Directory traversal in Kubernetes Secrets Store CSI Driver	15 Feb 202201:57	–	github
GitLab Advisory Database	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	15 Feb 202200:00	–	gitlab
GitLab Advisory Database	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	15 Feb 202200:00	–	gitlab
NVD	CVE-2020-8568	21 Jan 202117:15	–	nvd
OSV	GHSA-5CGX-VHFP-6CF9 Directory traversal in Kubernetes Secrets Store CSI Driver	15 Feb 202201:57	–	osv
OSV	GO-2022-0629 Directory traversal in sigs.k8s.io/secrets-store-csi-driver	15 Feb 202201:57	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "79e577a5-4b32-3233-9a7d-16c91a0f9e4a",
        "vendor": {
          "name": "Kubernetes"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "22a2bcbf-8eaf-34ad-997f-c9dcf855789e",
        "product": {
          "name": "Kubernetes Secrets Store CSI Driver"
        },
        "product_version": "Kubernetes Secrets Store CSI Driver v0.0.16"
      },
      {
        "id": "da09da2a-47b0-372d-be2e-cd3f9370d4f1",
        "product": {
          "name": "Kubernetes Secrets Store CSI Driver"
        },
        "product_version": "Kubernetes Secrets Store CSI Driver v0.0.15"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-8568
github	www.github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378
github	www.github.com/kubernetes-sigs/secrets-store-csi-driver/pull/371
github	www.github.com/kubernetes-sigs/secrets-store-csi-driver/commit/c2cbb19e2eef16638fa0523383788a4bc22231fd
github	www.github.com/kubernetes-sigs/secrets-store-csi-driver
groups	www.groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4
pkg	www.pkg.go.dev/vuln/GO-2022-0629

03 Oct 2025 20:07Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.15.8 - 6.5

CVSS 24.9

EPSS0.00449