Lucene search
+L

144 matches found

CVE
CVE
added 2021/01/21 5:9 p.m.73 views

CVE-2020-8567

The CVE concerns Kubernetes Secrets Store CSI Driver plugins (Vault: pre-v0.0.6, Azure: pre-v0.0.10, GCP: pre-v0.2.0) that allow an attacker who can create SecretProviderClass objects to write to arbitrary file paths on the host filesystem (including /var/lib/kubelet/pods). Root cause: insecure h...

6.5CVSS5.8AI score0.0137EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/01/21 5:9 p.m.66 views

CVE-2020-8568

The CVE concerns Kubernetes Secrets Store CSI Driver (versions v0.0.15 and v0.0.16). A malicious actor who can modify a SecretProviderClassPodStatus/Status resource can write to the host filesystem and propagate file contents into Kubernetes Secrets, including paths under var/lib/kubelet/pods tha...

6.5CVSS5.8AI score0.01312EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/01/21 5:9 p.m.36 views

CVE-2020-8567 Kubernetes Secrets Store CSI Driver plugin directory traversals

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...

4.9CVSS6.5AI score0.0137EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/01/21 5:9 p.m.28 views

CVE-2020-8568 Kubernetes Secrets Store CSI Driver sync/rotate directory traversal

Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that...

5.8CVSS6.4AI score0.01312EPSS
Exploits0References2
Rows per page
Query Builder