{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2878", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "state": "PUBLISHED", "assignerShortName": "kubernetes", "dateReserved": "2023-05-24T22:10:01.825Z", "datePublished": "2023-06-07T14:35:10.295Z", "dateUpdated": "2025-02-13T16:48:51.962Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2023-08-14T18:06:17.787Z"}, "title": "Kubernetes secrets-store-csi-driver discloses service account tokens in logs", "datePublic": "2023-05-25T04:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"vendor": "Kubernetes", "product": "secrets-store-csi-driver", "repo": "https://github.com/kubernetes-sigs/secrets-store-csi-driver", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.3", "versionType": "semver"}, {"status": "unaffected", "version": "1.3.3"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.<br>"}]}], "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/118419", "tags": ["issue-tracking"]}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ", "tags": ["mailing-list"]}, {"url": "https://security.netapp.com/advisory/ntap-20230814-0003/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}}], "workarounds": [{"lang": "en", "value": "Prior to upgrading, this vulnerability can be mitigated by running secrets-store-csi-driver at log level 0 or 1 via the -v flag.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Prior to upgrading, this vulnerability can be mitigated by running secrets-store-csi-driver at log level 0 or 1 via the -v flag.</p>"}]}], "credits": [{"lang": "en", "value": "Tomer Shaiman", "user": "00000000-0000-4000-9000-000000000000", "type": "reporter"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:41:02.447Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/118419", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230814-0003/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-06T21:04:21.178942Z", "id": "CVE-2023-2878", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-06T21:04:31.624Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/118419", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230814-0003/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:41:02.447Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2878", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-06T21:04:21.178942Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-06T21:04:27.938Z"}}], "cna": {"title": "Kubernetes secrets-store-csi-driver discloses service account tokens in logs", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Tomer Shaiman"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/kubernetes-sigs/secrets-store-csi-driver", "vendor": "Kubernetes", "product": "secrets-store-csi-driver", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.3", "versionType": "semver"}, {"status": "unaffected", "version": "1.3.3"}], "defaultStatus": "unaffected"}], "datePublic": "2023-05-25T04:00:00.000Z", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/118419", "tags": ["issue-tracking"]}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ", "tags": ["mailing-list"]}, {"url": "https://security.netapp.com/advisory/ntap-20230814-0003/"}], "workarounds": [{"lang": "en", "value": "Prior to upgrading, this vulnerability can be mitigated by running secrets-store-csi-driver at log level 0 or 1 via the -v flag.", "supportingMedia": [{"type": "text/html", "value": "<p>Prior to upgrading, this vulnerability can be mitigated by running secrets-store-csi-driver at log level 0 or 1 via the -v flag.</p>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.", "supportingMedia": [{"type": "text/html", "value": "Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2023-08-14T18:06:17.787Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2878", "state": "PUBLISHED", "dateUpdated": "2025-02-13T16:48:51.962Z", "dateReserved": "2023-05-24T22:10:01.825Z", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "datePublished": "2023-06-07T14:35:10.295Z", "assignerShortName": "kubernetes"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:secrets-store-csi-driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE39B6E7-61B5-482B-953C-BA5441CD85C7", "versionEndExcluding": "1.3.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs."}], "id": "CVE-2023-2878", "lastModified": "2025-02-13T17:16:23.023", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "jordan@liggitt.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-07T15:15:09.377", "references": [{"source": "jordan@liggitt.net", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/kubernetes/kubernetes/issues/118419"}, {"source": "jordan@liggitt.net", "tags": ["Mailing List"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230814-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/kubernetes/kubernetes/issues/118419"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230814-0003/"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "jordan@liggitt.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "secrets-store-csi-driver: secrets-store-csi-driver discloses service account tokens in logs", "id": "2210717", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210717"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-532", "details": ["Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.", "A flaw was found in the Kubernetes Secrets Store CSI Driver that could allow a local authenticated attacker to obtain sensitive information, caused by the storage of sensitive information in the log file. By gaining access to the log file, an attacker could obtain service account tokens information and use this information to launch further attacks against the affected system."], "name": "CVE-2023-2878", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2023-05-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-2878\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2878"], "statement": "No Red Hat product includes code from secrets-store-csi-driver.", "threat_severity": "Moderate"}