2 matches found
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that...
Kubernetes SIGs Secrets-store-csi-driver path traversal vulnerability
Kubernetes SIGs Secrets-store-csi-driver is a K8s component for storing confidential files based on CSI volumes from the Kubernetes SIGs organization. A security vulnerability exists in Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16, which can be exploited by an attacker to modi...