Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: kubernetes
Published: 2021-01-21T17:09:21.450754Z
Updated: 2024-09-17T03:28:40.493Z
Reserved: 2020-02-03T00:00:00
Link: CVE-2020-8568
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-01-21T17:15:14.157
Modified: 2024-11-21T05:39:02.890
Link: CVE-2020-8568
Redhat
No data.