Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 21/01/2021 Updated: 27/08/2021

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google secret manager provider for secret store csi driver
hashicorp vault provider for secrets store csi driver
microsoft azure key vault provider for secrets store csi driver

CWE-22 https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384 https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-8567

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect