Advisories for Golang/Github.com/Kubernetes-Sigs/Secrets-Store-Csi-Driver package

2023

Insertion of Sensitive Information into Log File

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.

2021

Path Traversal

Kubernetes Secrets Store CSI Driver allows an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.