Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2023-2878

Published: 07/06/2023 Updated: 02/10/2023
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Secrets-store-csi-driver

Vulnerability Summary

Kubernetes secrets-store-csi-driver in versions prior to 1.3.3 discloses service account tokens in logs.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

kubernetes secrets-store-csi-driver

Vendor Advisories

Red Hat:
Description<!---->A flaw was found in the Kubernetes Secrets Store CSI Driver that could allow a local authenticated attacker to obtain sensitive information, caused by the storage of sensitive information in the log file By gaining access to the log file, an attacker could obtain service account tokens information and use this information to laun ...

References

CWE-532https://github.com/kubernetes/kubernetes/issues/118419https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJhttps://security.netapp.com/advisory/ntap-20230814-0003/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2023-2878
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook