CVE-2020-8568 in Secrets Store CSI Driverinformation

Résumé

par MITRE • 22/01/2021

Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Kubernetes

Réserver

03/02/2020

Divulgation

22/01/2021

Modérer

accepté

Entrée

VDB-168614

CPE

prêt

CWE

CWE-23 (confirmé)

CVSS

6.5 (NVD)

EPSS

0.00449

KEV

non

Activités

très faible

Secteur

Transportation, Hostingprovider, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-8568
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-8568
CVE Details	https://www.cvedetails.com/cve/CVE-2020-8568/

◂ Précédent Aperçu Suivant ▸

Want to know what is going to be exploited?

We predict KEV entries!