Vulnerabilities > Microsoft > Azure KEY Vault Provider FOR Secrets Store CSI Driver > 0.0.6

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-21	CVE-2020-8567	Path Traversal vulnerability in multiple products Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods. network low complexity google hashicorp microsoft CWE-22	4.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.