Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in...
6.5CVSS
5.3AI Score
0.0004EPSS
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that...
6.5CVSS
6.2AI Score
0.001EPSS
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including...
6.5CVSS
6.4AI Score
0.001EPSS