Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
2021-01-21T17:15:14.063
2024-11-21T05:39:02.770
Modified
CVSSv3.1: 4.9 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:P/A:N
8.0
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | secret_manager_provider_for_secret_store_csi_driver | < 0.2.0 | Yes | |
Application | hashicorp | vault_provider_for_secrets_store_csi_driver | < 0.0.6 | Yes |
Application | microsoft | azure_key_vault_provider_for_secrets_store_csi_driver | < 0.0.10 | Yes |