GoogleOSV:GO-2023-1793secrets-store-csi-driver discloses service account tokens in logs in sigs.k8s.io/secrets-store-csi-driver
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
AI Score
Confidence
Low
secrets-store-csi-driver discloses service account tokens in logs in sigs.k8s.io/secrets-store-csi-driver
References
github.com/kubernetes-sigs/secrets-store-csi-driver/releases/tag/v1.3.3
github.com/kubernetes-sigs/secrets-store-csi-driver/security/advisories/GHSA-g82w-58jf-gcxx
github.com/kubernetes/kubernetes/issues/118419
groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ
nvd.nist.gov/vuln/detail/CVE-2023-2878
security.netapp.com/advisory/ntap-20230814-0003
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
AI Score
Confidence
Low