4 matches found
GHSA-2V35-WJ4R-RCMV Kubernetes Secrets Store CSI Driver plugins arbitrary file write
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...
Kubernetes Secrets Store CSI Driver plugins arbitrary file write
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...
CVE-2020-8567 Kubernetes Secrets Store CSI Driver plugin directory traversals
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...
Kubernetes SIGs Secrets-store-csi-driver path traversal vulnerability
Kubernetes SIGs Secrets-store-csi-driver is a K8s component for storing confidential files based on CSI volumes from the Kubernetes SIGs organization. A security vulnerability in the Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6 can be exploited by an attacker to create special...