Lucene search
GoogleOSV:GHSA-2V35-WJ4R-RCMVHistoryMay 24, 2022 - 5:40 p.m.
Kubernetes Secrets Store CSI Driver plugins arbitrary file write
2022-05-2417:40:02
Google
osv.dev
1
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
References
github.com/Azure/secrets-store-csi-driver-provider-azure/pull/298
github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp/pull/74
github.com/hashicorp/secrets-store-csi-driver-provider-vault/pull/50
github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384
groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY
nvd.nist.gov/vuln/detail/CVE-2020-8567
Related
github
github
Kubernetes Secrets Store CSI Driver plugins arbitrary file write
2022-05-24 17:40:02
cvelist
cvelist
gitlab
gitlab
Path Traversal
2021-01-21 00:00:00
Path Traversal
2021-01-21 00:00:00
nvd
nvd
CVE-2020-8567
2021-01-21 17:15:14
osv
osv
Kubernetes Secrets Store CSI Driver plugins arbitrary file write in github.com/Azure/secrets-store-csi-driver-provider-azure
2024-06-05 15:10:52
CVE-2020-8567
2021-01-21 17:15:14
cve
cve
CVE-2020-8567
2021-01-21 17:15:14
prion
prion
Code injection
2021-01-21 17:15:00