Vulnerabilities > Microsoft > Azure KEY Vault Provider FOR Secrets Store CSI Driver > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-01-21 CVE-2020-8567 Path Traversal vulnerability in multiple products
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
network
low complexity
google hashicorp microsoft CWE-22
6.5