CVE-2023-2878: Insertion of Sensitive Information into Log File

June 7, 2023 (updated August 14, 2023)

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.

References

github.com/kubernetes/kubernetes/issues/118419
groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ
nvd.nist.gov/vuln/detail/CVE-2023-2878

Detect and mitigate CVE-2023-2878 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →