143 matches found
CVE-2023-2878 Kubernetes secrets-store-csi-driver discloses service account tokens in logs
Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs...
CVE-2023-2878
CVE-2023-2878 affects Kubernetes secrets-store-csi-driver. The vulnerability occurs in versions before 1.3.3, where the driver discloses service account tokens in logs. This could allow an attacker with local access or log access to read leaked tokens, enabling impersonation of the associated ser...
secrets-store-csi-driver discloses service account tokens in logs
A security issue was discovered in secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged...
CVE-2023-2878
A flaw was found in the Kubernetes Secrets Store CSI Driver that could allow a local authenticated attacker to obtain sensitive information, caused by the storage of sensitive information in the log file. By gaining access to the log file, an attacker could obtain service account tokens informati...
SUSE CVE-2023-2878
Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs...
GHSA-G82W-58JF-GCXX vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver...
GHSA-G82W-58JF-GCXX vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver, vault-csi-provider...
secrets-store-csi-driver discloses service account tokens in logs
A security issue was discovered in secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged...
PT-2023-3262 · Kubernetes · Secrets-Store-Csi-Driver
Name of the Vulnerable Software and Affected Versions: secrets-store-csi-driver versions prior to 1.3.3 Description: The issue is related to insufficient protection of registration data in the secrets-store-csi-driver component of Kubernetes. This can allow an attacker to gain unauthorized access...
CVE-2022-46174
A potential race condition issue exists within the Amazon EFS mount helper in efs-utils and aws-efs-csi-driver when using TLS to mount file systems. The mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel. In affected versions, concurrent...
KubeEdge Denial of Service Vulnerability
KubeEdge is an open source edge computing framework built on Kubernetes and extends containerized application orchestration and device management to hosts on the end. A denial-of-service vulnerability exists in KubeEdge versions prior to 1.11.0, prior to 1.10.1, and prior to 1.9.3, which can be...
CVE-2022-31077
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...
Null pointer dereference
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...
Design/Logic Flaw
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...
CVE-2022-31077 Malicious response from KubeEdge can crash CSI Driver controller server
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...
CVE-2022-31077 Malicious response from KubeEdge can crash CSI Driver controller server
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...
CVE-2022-31077 Malicious response from KubeEdge can crash CSI Driver controller server
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...
CVE-2022-31076 Malicious Message can crash CloudCore in KubeEdge
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...
CVE-2022-31076
KubeEdge vulnerability CVE-2022-31076 affects CloudCore’s UDS Server. A crafted message can trigger a nil-pointer dereference when the unixsocket switch is enabled in cloudcore.yaml, crashing CloudCore. Impact is local to the host network and assumes the attacker is an authenticated Cloud user; e...
Denial Of Service (DoS)
github.com/kubeedge/kubeedge is vulnerable to denial of service. The vulnerability exists in ExtractMessage function because of a message response causing a nil-pointer dereference in CSI Driver controller server which allows an attacker to send malicious messages causing an application crash...