Lucene search

Redhat.comRH:CVE-2023-2878

HistoryMay 29, 2023 - 9:40 a.m.

CVE-2023-2878

2023-05-2909:40:33

redhat.com

access.redhat.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

14.4%

JSON

A flaw was found in the Kubernetes Secrets Store CSI Driver that could allow a local authenticated attacker to obtain sensitive information, caused by the storage of sensitive information in the log file. By gaining access to the log file, an attacker could obtain service account tokens information and use this information to launch further attacks against the affected system.

References

bugzilla.redhat.com/show_bug.cgi?id=2210717

nvd.nist.gov/vuln/detail/CVE-2023-2878

www.cve.org/CVERecord?id=CVE-2023-2878

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

14.4%

JSON

Related for RH:CVE-2023-2878