
CVE-2020-8567: Plugin directory traversals #384

Closed
tam7t opened this issue Nov 16, 2020 · 2 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@tam7t
Contributor

tam7t commented Nov 16, 2020

CVSS Rating: Medium (4.9) CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L

Specially crafted SecretProviderClass can write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.

Am I vulnerable?

All supported plugins included this bug.

Affected Versions

Vault Plugin: < v0.0.6
Azure Plugin: < v0.0.10
GCP Plugin: < v0.2.0

How do I mitigate this vulnerability?

Update plugins to versions that include fixes.

Fixed Versions

Vault Plugin: v0.0.6 - fixed by #50
Azure Plugin: v0.0.10 - fixed by #298
GCP Plugin: v0.2.0 - fixed by #74

Detection

SecretProviderClass with objectName, objectAlias or fileName that includes ..

@tam7t tam7t added the kind/bug Categorizes issue or PR as related to a bug. label Nov 16, 2020
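As an added example that is not part of this issue and not the driver's or any provider's own code, the following Go program implements the detection rule stated above (flag SecretProviderClass objectName, objectAlias or fileName values that contain "..") over a constructed sample manifest, and next to it an assumed containment check of the kind a provider can apply before writing a secret file under the pod's mount directory. The function names, the sample manifest and the mount directory are assumptions; the scanner is line based (one key per line in the objects list) and is not a full YAML parser.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// SampleSecretProviderClass is a constructed manifest for the demonstration.
// The objectAlias on the first object carries the ".." indicator named in
// the advisory's Detection section; the second object is benign.
const SampleSecretProviderClass = `apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
  name: example-spc
spec:
  provider: vault
  parameters:
    objects: |
      - objectName: "db-password"
        objectAlias: "../../escaped-alias"
      - objectName: "api-key"
        fileName: "api-key.txt"
`

// keyValueRe matches one "key: value" line for the three fields the advisory
// tells operators to inspect. Quoted and unquoted values are both captured.
var keyValueRe = regexp.MustCompile(
	`^\s*-?\s*(objectName|objectAlias|fileName)\s*:\s*["']?([^"'\n]*)["']?\s*$`)

// FindTraversalIndicators scans a manifest line by line and returns one
// "key=value" entry for every inspected field whose value contains "..".
func FindTraversalIndicators(manifest string) []string {
	var hits []string
	for _, line := range strings.Split(manifest, "\n") {
		m := keyValueRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		value := strings.TrimSpace(m[2])
		if strings.Contains(value, "..") {
			hits = append(hits, m[1]+"="+value)
		}
	}
	return hits
}

// ErrOutsideTargetDir is returned when a requested file name would resolve
// outside the directory the secret is supposed to be written into.
var ErrOutsideTargetDir = errors.New("object path escapes the target directory")

// ResolveWithinDir joins a requested file name onto the mount directory and
// rejects any result that does not stay inside it. Absolute names are
// rejected outright; ".." segments are collapsed by filepath.Join and then
// caught by checking the relative path back to the base. This is an assumed
// defensive pattern, not the fix the providers shipped.
func ResolveWithinDir(targetDir, name string) (string, error) {
	if filepath.IsAbs(name) {
		return "", ErrOutsideTargetDir
	}
	base := filepath.Clean(targetDir)
	full := filepath.Join(base, name)
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideTargetDir
	}
	return full, nil
}

func main() {
	for _, hit := range FindTraversalIndicators(SampleSecretProviderClass) {
		fmt.Println("traversal indicator:", hit)
	}
	for _, name := range []string{"api-key.txt", "../../escaped-alias", "/etc/example"} {
		p, err := ResolveWithinDir("/mnt/secrets-store", name)
		fmt.Printf("%-22q -> path=%q err=%v\n", name, p, err)
	}
}
```

Running the program lists the one offending field from the sample manifest and shows the containment check accepting the plain file name while rejecting both the relative escape and the absolute path. To apply the scan to a live cluster, feed it the output of a SecretProviderClass listing in YAML form (the objects field is itself a YAML string, which is why a line-based scan suffices for this indicator).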
@aramase
Member

aramase commented Nov 16, 2020

This CVE has been fixed with the latest provider releases.

/close

@k8s-ci-robot
Contributor

@aramase: Closing this issue.

In response to this:

This CVE has been fixed with the latest provider releases.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
