144 matches found
CVE-2020-8567
The CVE concerns Kubernetes Secrets Store CSI Driver plugins (Vault: pre-v0.0.6, Azure: pre-v0.0.10, GCP: pre-v0.2.0) that allow an attacker who can create SecretProviderClass objects to write to arbitrary file paths on the host filesystem (including /var/lib/kubelet/pods). Root cause: insecure h...
CVE-2020-8568
The CVE concerns Kubernetes Secrets Store CSI Driver (versions v0.0.15 and v0.0.16). A malicious actor who can modify a SecretProviderClassPodStatus/Status resource can write to the host filesystem and propagate file contents into Kubernetes Secrets, including paths under var/lib/kubelet/pods tha...
CVE-2020-8567 Kubernetes Secrets Store CSI Driver plugin directory traversals
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...
CVE-2020-8568 Kubernetes Secrets Store CSI Driver sync/rotate directory traversal
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that...