Go modules package
sigs.k8s.io/secrets-store-csi-driver
pkg:golang/sigs.k8s.io/secrets-store-csi-driver
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-2878 | — | < 1.3.3 | 1.3.3 | Jun 7, 2023 | Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | ||
| CVE-2020-8568 | — | >= 0.0.15, < 0.0.17 | 0.0.17 | Jan 21, 2021 | Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kub |
- CVE-2023-2878Jun 7, 2023affected < 1.3.3fixed 1.3.3
Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.
- CVE-2020-8568Jan 21, 2021affected >= 0.0.15, < 0.0.17fixed 0.0.17
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kub