Lucene search

K
nvd[email protected]NVD:CVE-2023-2878
HistoryJun 07, 2023 - 3:15 p.m.

CVE-2023-2878

2023-06-0715:15:09
CWE-532
web.nvd.nist.gov
3
cve-2023-2878
kubernetes
secrets-store-csi-driver
service account tokens
logs disclosure

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

15.5%

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.

Affected configurations

Nvd
Node
kubernetessecrets-store-csi-driverRange<1.3.3
VendorProductVersionCPE
kubernetessecrets-store-csi-driver*cpe:2.3:a:kubernetes:secrets-store-csi-driver:*:*:*:*:*:*:*:*

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

15.5%