67 matches found
CVE-2025-7445 Kubernetes secrets-store-sync-controller discloses service account tokens in logs
Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs...
CVE-2025-7445 Kubernetes secrets-store-sync-controller discloses service account tokens in logs
Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs...
PT-2025-36631
Hello Kubernetes Community, A security issue was discovered in secrets-store-sync-controller where an actor with access to the controller logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vau...
PT-2025-36106
Name of the Vulnerable Software and Affected Versions Kubernetes secrets-store-sync-controller versions prior to 0.0.2 Description The Kubernetes secrets-store-sync-controller discloses service account tokens in logs. Recommendations Update to version 0.0.2 or later...
secrets-store-sync-controller discloses service account tokens in logs
A security issue was discovered in secrets-store-sync-controller where an actor with access to the controller logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are onl...
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: cortex, newrelic-infra-operator, aws-efs-csi-driver, kubernetes-dns-node-cache, nerdctl, terraform, direnv, kubebuilder, grafana-operator, nri-nagios, sbomqs, src, golangci-lint, argo-workflows, rqlite, nfs-subdir-external-provisioner,...
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: cortex, fulcio, sigstore-scaffolding, kubescape, wal-g, py3-azure-identity, airflow, hugo-extended, trino, cluster-autoscaler, datadog-agent, goreleaser, sqlpad, buildkitd, flux-source-controller, pulumi, step-ca, tkn, trivy, chezmoi, argo-workflows, velero, zot,...
GO-2024-2750 Kubernetes Secrets Store CSI Driver plugins arbitrary file write in github.com/Azure/secrets-store-csi-driver-provider-azure
Kubernetes Secrets Store CSI Driver plugins arbitrary file write in github.com/Azure/secrets-store-csi-driver-provider-azure. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: kpt, cilium, secrets-store-csi-driver-provider-azure, prometheus-elasticsearch-exporter, k8sgpt-operator, configmap-reload-fips, runc, logstash-exporter-fips, restic, atlantis-fips, kube-bench, kubewatch, request-1279, vexctl, conftest-fips, minio-fips,...
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: cortex, newrelic-infra-operator, aws-efs-csi-driver, gitsign, kubernetes-dns-node-cache, nerdctl, terraform, terraform-provider-google, conftest, crossplane-provider-aws-dynamodb, crossplane-provider-family-aws, grafana-operator, falcosidekick, src, golangci-lint,...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: kpt, cilium, secrets-store-csi-driver-provider-azure, prometheus-elasticsearch-exporter, k8sgpt-operator, configmap-reload-fips, runc, logstash-exporter-fips, restic, atlantis-fips, kube-bench, kubewatch, request-1279, vexctl, conftest-fips, minio-fips,...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: cluster-autoscaler-fips, prometheus-blackbox-exporter, dynamic-localpv-provisioner-fips, slsa-verifier, buildkitd, prometheus-adapter-fips, bank-vaults-fips, terraform-provider-sendgrid-fips, metrics-server-fips, kubeflow-fips, kubevela, up, falco, vault-csi-provider...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: cortex, kubeflow, kubescape, slsa-verifier, up, prometheus-blackbox-exporter, terraform-provider-sendgrid, kubevela, spark-operator, buildkitd, dgraph, scorecard, src, aactl, falco, k3d...
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, kpt, aws-load-balancer-controller-fips, skaffold, slsa-verifier, prometheus-elasticsearch-exporter, pulumi-kubernetes-operator, metrics-server-fips, k8sgpt-operator, fuse-overlayfs-snapshotter, configmap-reload-fips, git-lfs,...
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, kpt, aws-load-balancer-controller-fips, skaffold, slsa-verifier, prometheus-elasticsearch-exporter, pulumi-kubernetes-operator, metrics-server-fips, k8sgpt-operator, fuse-overlayfs-snapshotter, configmap-reload-fips, git-lfs,...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: cortex, aws-efs-csi-driver, terraform, conftest, src, rqlite, secrets-store-csi-driver-provider-gcp, dex, flux-notification-controller, bom, cue, prometheus-blackbox-exporter, kubevela, kubernetes-csi-livenessprobe, kaf, newrelic-infrastructure-agent, hey, kubeflow,...
The vulnerability of the secrets-store-csi-driver driver of the Kubernetes cluster management software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the secrets-store-csi-driver driver in the Kubernetes cluster management software is related to insufficient protection of registration data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Insertion Of Sensitive Information Into Log File
sigs.k8s.io/secrets-store-csi-driver is vulnerable to Insertion of Sensitive Information Into Log File. An attacker with access to the driver logs could observe service account tokens due to the NodePublishVolume function of nodeserver.go...
CVE-2023-2878
Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs...
CVE-2023-2878 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver, vault-csi-provider...