Lucene search
K

143 matches found

CBLMariner
CBLMariner
added 2024/06/28 9:8 a.m.35 views

CVE-2023-44487 affecting package csi-driver-lvm for versions less than 0.4.1-13

CVE-2023-44487 affecting package csi-driver-lvm for versions less than 0.4.1-13. This CVE either no longer is or was never applicable...

7.5CVSS8AI score0.99999EPSS
Exploits19
Wolfi
Wolfi
added 2024/06/11 5:16 p.m.115 views

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: flux-source-controller, falcoctl, rclone, spire-server, sigstore-scaffolding, flux-kustomize-controller, argo-workflows, buildkitd, cosign, cortex, datadog-agent, hugo, step, timestamp-authority, velero, terragrunt, boring-registry, sops, tkn, kubescape, chezmoi,...

5.5CVSS6.5AI score0.00788EPSS
Exploits0
Chainguard
Chainguard
added 2024/06/05 4:15 p.m.24 views

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: spicedb, aws-flb-firehose-fips, osv-scanner, docker-credential-acr-env, secrets-store-csi-driver, up, smarter-device-manager-fips, paranoia, nri-kubernetes, addon-resizer-fips, nodetaint, oras, pombump, pluto, docker-compose, kubernetes-dashboard,...

5.5CVSS6.7AI score0.00446EPSS
Exploits0
OSV
OSV
added 2024/06/05 3:10 p.m.36 views

GO-2024-2750 Kubernetes Secrets Store CSI Driver plugins arbitrary file write in github.com/Azure/secrets-store-csi-driver-provider-azure

Kubernetes Secrets Store CSI Driver plugins arbitrary file write in github.com/Azure/secrets-store-csi-driver-provider-azure. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

6.5CVSS6.4AI score0.0137EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2024/05/15 4:27 a.m.26 views

CVE-2024-3744

A flaw was found in azure-file-csi-driver. Anyone with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions...

6.5CVSS6.2AI score0.00269EPSS
Exploits0References3
NVD
NVD
added 2024/05/15 1:15 a.m.29 views

CVE-2024-3744

A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged whe...

6.5CVSS6.4AI score0.00269EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/15 12:42 a.m.16 views

CVE-2024-3744 Kubernetes azure-file-csi-driver in versions before 1.29.4 and 1.30.1 discloses service account tokens in logs

A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged whe...

6.5CVSS6.3AI score0.00269EPSS
Exploits0References3
CVE
CVE
added 2024/05/15 12:42 a.m.64 views

CVE-2024-3744

Azure-file-csi-driver may log service account tokens when TokenRequests is enabled and the driver runs at log level 2+. This could let an actor with log access exfiltrate tokens and potentially access cloud vault secrets. Affected versions are before 1.29.4 and 1.30.1; remediation involves upgrad...

6.5CVSS6.3AI score0.00269EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/15 12:42 a.m.28 views

CVE-2024-3744 Kubernetes azure-file-csi-driver in versions before 1.29.4 and 1.30.1 discloses service account tokens in logs

A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged whe...

6.5CVSS6.6AI score0.00269EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/15 12:0 a.m.6 views

Azure File CSI Driver 安全漏洞

The Azure File CSI Driver is a driver organized by the Kubernetes SIG. A security vulnerability exists in the Azure File CSI Driver that stems from the fact that a participant with access to the driver's logs can observe the service account token...

6.5CVSS6.4AI score0.00269EPSS
Exploits0References4
Wolfi
Wolfi
added 2024/04/23 12:30 a.m.22 views

GHSA-PXHW-596R-RWQ5 vulnerabilities

Vulnerabilities for packages: kubernetes-dns-node-cache, nodetaint, kubeflow-pipelines, kubernetes, ip-masq-agent, spark-operator, kubernetes-csi-driver-hostpath, argocd-image-updater, local-static-provisioner, aws-efs-csi-driver...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2024/04/22 11:15 p.m.251 views

CVE-2024-3177 vulnerabilities

Vulnerabilities for packages: kubernetes-dns-node-cache, nodetaint, kubeflow-pipelines, kubernetes, ip-masq-agent, spark-operator, kubernetes-csi-driver-hostpath, argocd-image-updater, local-static-provisioner, aws-efs-csi-driver...

2.7CVSS6.4AI score0.02224EPSS
Exploits1
Wolfi
Wolfi
added 2024/03/06 12:31 a.m.423 views

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: gitsign, crossplane-provider-aws-ec2, hubble, influx, hubble-ui, nri-prometheus, crossplane-provider-aws-iam, scorecard, apisix-ingress-controller, fulcio, certificate-transparency, nri-kubernetes, zarf, dagger, helm-operator, haproxy-ingress, metacontroller, gomplat...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2024/03/05 11:15 p.m.571 views

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: influx, wire-go, petname, docker-credential-gcr, hubble-ui, nri-prometheus, scorecard, govulncheck, dagger, helm-operator, haproxy-ingress, gomplate, kubewatch, nri-couchbase, up, dataplaneapi, hello-world-golang, nri-mssql, sonobuoy, volume-modifier-for-k8s, grype,...

4.3CVSS6.7AI score0.0108EPSS
Exploits0
Chainguard
Chainguard
added 2024/03/05 11:15 p.m.79 views

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: spicedb, secrets-store-csi-driver, osv-scanner, up, smarter-device-manager-fips, nri-kubernetes, nodetaint, docker-compose, kubernetes-dashboard, kubernetes-dashboard-metrics-scraper-fips, logstash-exporter-fips, ferretdb, prometheus-blackbox-exporter,...

7.5CVSS6.7AI score0.01262EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/02/14 5:5 p.m.26 views

CVE-2021-44716 affecting package csi-driver-lvm for versions less than 0.4.1-15

CVE-2021-44716 affecting package csi-driver-lvm for versions less than 0.4.1-15. A patched version of the package is available...

7.5CVSS8.1AI score0.03958EPSS
Exploits0
Chainguard
Chainguard
added 2023/12/06 5:15 p.m.796 views

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: smarter-device-manager, aws-flb-kinesis, prometheus-stackdriver-exporter, ip-masq-agent, slsa-verifier, nsc, vertical-pod-autoscaler, configmap-reload, stakater-reloader, amass, prometheus-statsd-exporter-fips, gosu, smarter-device-manager-fips, sops,...

7.5CVSS6.7AI score0.01137EPSS
Exploits0
Wolfi
Wolfi
added 2023/11/14 9:31 p.m.31 views

GHSA-HQ6Q-C2X6-HMCH vulnerabilities

Vulnerabilities for packages: kubernetes-dns-node-cache, nodetaint, ip-masq-agent, spark-operator, prometheus-adapter, aws-efs-csi-driver...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2023/11/14 9:31 p.m.258 views

GHSA-HQ6Q-C2X6-HMCH vulnerabilities

Vulnerabilities for packages: aws-efs-csi-driver, kubernetes-dns-node-cache, nodetaint, ip-masq-agent, prometheus-adapter, aws-efs-csi-driver-fips, spark-operator, cluster-autoscaler-fips, aws-ebs-csi-driver...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2023/11/14 9:15 p.m.58 views

CVE-2023-5528 vulnerabilities

Vulnerabilities for packages: aws-efs-csi-driver, kubernetes-dns-node-cache, nodetaint, ip-masq-agent, prometheus-adapter, aws-efs-csi-driver-fips, spark-operator, cluster-autoscaler-fips, aws-ebs-csi-driver...

8.8CVSS6.9AI score0.03578EPSS
Exploits0
Rows per page
Query Builder