Lucene search
K

143 matches found

Vulnrichment
Vulnrichment
added 2023/06/07 2:35 p.m.13 views

CVE-2023-2878 Kubernetes secrets-store-csi-driver discloses service account tokens in logs

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs...

6.5CVSS5.8AI score0.00372EPSS
Exploits1References3
CVE
CVE
added 2023/06/07 2:35 p.m.972 views

CVE-2023-2878

CVE-2023-2878 affects Kubernetes secrets-store-csi-driver. The vulnerability occurs in versions before 1.3.3, where the driver discloses service account tokens in logs. This could allow an attacker with local access or log access to read leaked tokens, enabling impersonation of the associated ser...

6.5CVSS5.8AI score0.00372EPSS
Exploits1References3Affected Software1
Kubernetes Security Advisories
Kubernetes Security Advisories
added 2023/06/02 7:3 p.m.7 views

secrets-store-csi-driver discloses service account tokens in logs

A security issue was discovered in secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged...

6.5CVSS6.2AI score0.00372EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2023/05/29 9:40 a.m.27 views

CVE-2023-2878

A flaw was found in the Kubernetes Secrets Store CSI Driver that could allow a local authenticated attacker to obtain sensitive information, caused by the storage of sensitive information in the log file. By gaining access to the log file, an attacker could obtain service account tokens informati...

6.5CVSS6AI score0.00372EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/05/27 2:28 a.m.3 views

SUSE CVE-2023-2878

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs...

6.5CVSS7AI score0.00372EPSS
Exploits1References3
Wolfi
Wolfi
added 2023/05/26 1:59 p.m.19 views

GHSA-G82W-58JF-GCXX vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2023/05/26 1:59 p.m.30 views

GHSA-G82W-58JF-GCXX vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver, vault-csi-provider...

6.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/05/26 1:59 p.m.32 views

secrets-store-csi-driver discloses service account tokens in logs

A security issue was discovered in secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged...

6.5CVSS6.1AI score0.00372EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/25 12:0 a.m.3 views

PT-2023-3262 · Kubernetes · Secrets-Store-Csi-Driver

Name of the Vulnerable Software and Affected Versions: secrets-store-csi-driver versions prior to 1.3.3 Description: The issue is related to insufficient protection of registration data in the secrets-store-csi-driver component of Kubernetes. This can allow an attacker to gain unauthorized access...

6.5CVSS6.7AI score0.00372EPSS
Exploits1References17
RedhatCVE
RedhatCVE
added 2023/01/04 9:5 p.m.43 views

CVE-2022-46174

A potential race condition issue exists within the Amazon EFS mount helper in efs-utils and aws-efs-csi-driver when using TLS to mount file systems. The mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel. In affected versions, concurrent...

5.6CVSS1.4AI score0.0059EPSS
Exploits0References6
CNVD
CNVD
added 2022/06/30 12:0 a.m.34 views

KubeEdge Denial of Service Vulnerability

KubeEdge is an open source edge computing framework built on Kubernetes and extends containerized application orchestration and device management to hosts on the end. A denial-of-service vulnerability exists in KubeEdge versions prior to 1.11.0, prior to 1.10.1, and prior to 1.9.3, which can be...

5.7CVSS5.3AI score0.00779EPSS
Exploits0References1
NVD
NVD
added 2022/06/27 9:15 p.m.30 views

CVE-2022-31077

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...

5.7CVSS0.00779EPSS
Exploits0References3
Prion
Prion
added 2022/06/27 9:15 p.m.13 views

Null pointer dereference

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...

3.5CVSS5.5AI score0.00779EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/06/27 8:15 p.m.20 views

Design/Logic Flaw

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...

2.7CVSS5.4AI score0.00614EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/06/27 8:10 p.m.9 views

CVE-2022-31077 Malicious response from KubeEdge can crash CSI Driver controller server

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...

4CVSS4.7AI score0.00779EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/06/27 8:10 p.m.37 views

CVE-2022-31077 Malicious response from KubeEdge can crash CSI Driver controller server

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...

4CVSS5.7AI score0.00779EPSS
Exploits0References3
OSV
OSV
added 2022/06/27 8:10 p.m.29 views

CVE-2022-31077 Malicious response from KubeEdge can crash CSI Driver controller server

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...

4CVSS5.7AI score0.00779EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/06/27 8:10 p.m.38 views

CVE-2022-31076 Malicious Message can crash CloudCore in KubeEdge

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...

4.2CVSS5.6AI score0.00614EPSS
Exploits1References2
CVE
CVE
added 2022/06/27 8:10 p.m.86 views

CVE-2022-31076

KubeEdge vulnerability CVE-2022-31076 affects CloudCore’s UDS Server. A crafted message can trigger a nil-pointer dereference when the unixsocket switch is enabled in cloudcore.yaml, crashing CloudCore. Impact is local to the host network and assumes the attacker is an authenticated Cloud user; e...

5.7CVSS4.7AI score0.00614EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2022/06/27 6:34 a.m.24 views

Denial Of Service (DoS)

github.com/kubeedge/kubeedge is vulnerable to denial of service. The vulnerability exists in ExtractMessage function because of a message response causing a nil-pointer dereference in CSI Driver controller server which allows an attacker to send malicious messages causing an application crash...

5.7CVSS5.3AI score0.00779EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder