This CVE has been fixed with the latest provider releases.
/close
CVSS Rating: Medium (4.9) CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L
Specially crafted SecretProviderClass can write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
Am I vulnerable?
All supported plugins included this bug.
Affected Versions
Vault Plugin: < v0.0.6
Azure Plugin: < v0.0.10
GCP Plugin: < v0.2.0
How do I mitigate this vulnerability?
Update plugins to versions that include fixes.
Fixed Versions
Vault Plugin: v0.0.6 - fixed by #50
Azure Plugin: v0.0.10 - fixed by #298
GCP Plugin: v0.2.0 - fixed by #74
Detection
SecretProviderClass with objectName, objectAlias or fileName that includes "..".
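
The Detection check above, as an added example (not code from the advisory or from the provider projects): it scans SecretProviderClass objects in JSON form, such as the output of kubectl get secretproviderclass -A -o json, and reports every objectName, objectAlias or fileName value that contains "..". The sample objects are constructed, and matching the fields line by line inside the string-valued spec.parameters entries is an assumption of this example.

```python
import json
import re

# Fields named in the Detection section. Provider parameters carry YAML as
# plain strings, so the fields are matched as "key: value" on each line.
FIELD_RE = re.compile(r"\b(objectName|objectAlias|fileName)\s*:\s*(.*)")


def find_traversal(doc):
    """Return (namespace, name, field, value) for each field containing '..'.

    `doc` is parsed JSON: either a List of objects or a single object.
    """
    findings = []
    for spc in doc.get("items", [doc]):
        if spc.get("kind") != "SecretProviderClass":
            continue
        meta = spc.get("metadata") or {}
        params = (spc.get("spec") or {}).get("parameters") or {}
        for text in params.values():
            for match in FIELD_RE.finditer(str(text)):
                value = match.group(2).strip().strip("\"'")
                if ".." in value:
                    findings.append((meta.get("namespace", "default"),
                                     meta.get("name"), match.group(1), value))
    return findings


# Constructed sample input (not taken from a real cluster).
SAMPLE = {"kind": "List", "items": [
    {"kind": "SecretProviderClass",
     "metadata": {"name": "ok", "namespace": "app"},
     "spec": {"provider": "azure", "parameters": {
         "objects": "array:\n  - |\n    objectName: db-password\n"
                    "    objectType: secret\n"}}},
    {"kind": "SecretProviderClass",
     "metadata": {"name": "suspicious", "namespace": "dev"},
     "spec": {"provider": "gcp", "parameters": {
         "secrets": "- resourceName: projects/p/secrets/s/versions/latest\n"
                    "  fileName: \"../../outside-mount\"\n"}}},
]}

if __name__ == "__main__":
    for finding in find_traversal(SAMPLE):
        print(json.dumps(finding))
```

To check a real cluster, pass the parsed kubectl JSON output to find_traversal() in place of SAMPLE.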