kubernetes-sigs/secrets-store-csi-driver

kubernetes-sigs/secrets-store-csi-driver

secrets-store-csi-driver.sigs.k8s.io

Releases60

Frequency1 month 2 weeks

Last Release about 2 months ago

Stars1.54K

Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-8567 ↗	Jan 21, 2021Thursday, 21 January 2021, 17:15	4.9 MEDIUM	4 MEDIUM
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CVE-2020-8568 ↗	Jan 21, 2021Thursday, 21 January 2021, 17:15	5.8 MEDIUM	4.9 MEDIUM
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.