Lucene search
GoogleOSV:GO-2022-0629HistoryFeb 15, 2022 - 1:57 a.m.
Directory traversal in sigs.k8s.io/secrets-store-csi-driver
2022-02-1501:57:18
Google
osv.dev
9
0.001 Low
EPSS
Percentile
37.5%
Modifying pod status allows host directory traversal.
Kubernetes Secrets Store CSI Driver allows an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sigs.k8s.io/secrets-store-csi-driver | lt | 0.0.17 | |
| sigs.k8s.io/secrets-store-csi-driver | ge | 0.0.15 |
Related
osv
osv
Directory traversal in Kubernetes Secrets Store CSI Driver
2022-02-15 01:57:18
CVE-2020-8568
2021-01-21 17:15:14
gitlab
gitlab
nvd
nvd
CVE-2020-8568
2021-01-21 17:15:14
prion
prion
Code injection
2021-01-21 17:15:00
cve
cve
CVE-2020-8568
2021-01-21 17:15:14
veracode
veracode
Directory Traversal
2021-01-22 02:20:21
github
github
Directory traversal in Kubernetes Secrets Store CSI Driver
2022-02-15 01:57:18
cvelist
cvelist