Security Advisory

CVE-2020-8567

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-01-21 17:09:21

Last updated 2024-09-16 18:23:40

Assigner kubernetes

State PUBLISHED

Description

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.

← Browse all CVEs View on cve.org ↗