Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: kubernetes

Published: 2021-01-21T17:09:21.450754Z

Updated: 2024-09-17T03:28:40.493Z

Reserved: 2020-02-03T00:00:00

Link: CVE-2020-8568

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-01-21T17:15:14.157

Modified: 2024-11-21T05:39:02.890

Link: CVE-2020-8568

cve-icon Redhat

No data.