Vulnerabilities > Kubernetes > Secrets Store CSI Driver > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-07 | CVE-2023-2878 | Information Exposure Through Log Files vulnerability in Kubernetes Secrets-Store-Csi-Driver Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | 5.5 |
2021-01-21 | CVE-2020-8568 | Path Traversal vulnerability in Kubernetes Secrets Store CSI Driver 0.0.15/0.0.16 Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. | 6.5 |