Low severityNVD Advisory· Published Jan 21, 2021· Updated Sep 16, 2024
Kubernetes Secrets Store CSI Driver plugin directory traversals
CVE-2020-8567
Description
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/vault-csi-providerGo | < 0.0.6 | 0.0.6 |
github.com/Azure/secrets-store-csi-driver-provider-azureGo | < 0.0.10 | 0.0.10 |
github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcpGo | < 0.2.0 | 0.2.0 |
Affected products
9- osv-coords8 versionspkg:apk/chainguard/secrets-store-csi-driver-provider-azurepkg:apk/chainguard/secrets-store-csi-driver-provider-azure-fipspkg:apk/chainguard/vault-csi-providerpkg:apk/chainguard/vault-csi-provider-fipspkg:apk/wolfi/secrets-store-csi-driver-provider-azurepkg:golang/github.com/azure/secrets-store-csi-driver-provider-azurepkg:golang/github.com/googlecloudplatform/secrets-store-csi-driver-provider-gcppkg:golang/github.com/hashicorp/vault-csi-provider
< 0+ 7 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.0.10
- (no CPE)range: < 0.2.0
- (no CPE)range: < 0.0.6
- Kubernetes/Kubernetes Secrets Store CSI Driverv5Range: Vault Plugin
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-2v35-wj4r-rcmvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-8567ghsaADVISORY
- github.com/Azure/secrets-store-csi-driver-provider-azure/pull/298ghsaWEB
- github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp/pull/74ghsaWEB
- github.com/hashicorp/secrets-store-csi-driver-provider-vault/pull/50ghsaWEB
- github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384ghsax_refsource_MISCWEB
- groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHYghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.