| modules: |
| - module: sigs.k8s.io/secrets-store-csi-driver |
| versions: |
| - introduced: 0.0.15 |
| fixed: 0.0.17 |
| vulnerable_at: 0.0.16 |
| packages: |
| - package: sigs.k8s.io/secrets-store-csi-driver/controllers |
| symbols: |
| - SecretProviderClassPodStatusReconciler.Reconcile |
| - package: sigs.k8s.io/secrets-store-csi-driver/pkg/rotation |
| symbols: |
| - Reconciler.reconcile |
| derived_symbols: |
| - Reconciler.Run |
| - package: sigs.k8s.io/secrets-store-csi-driver/pkg/secrets-store |
| symbols: |
| - nodeServer.NodeUnpublishVolume |
| derived_symbols: |
| - SecretsStore.Run |
| description: | |
| Modifying pod status allows host directory traversal. |
| |
| Kubernetes Secrets Store CSI Driver allows an attacker who can |
| modify a SecretProviderClassPodStatus/Status resource the ability |
| to write content to the host filesystem and sync file contents |
| to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods |
| that contain other Kubernetes Secrets. |
| published: 2022-02-15T01:57:18Z |
| cves: |
| - CVE-2020-8568 |
| ghsas: |
| - GHSA-5cgx-vhfp-6cf9 |
| credit: tam7t (Tommy Murphy) |
| references: |
| - fix: https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/371 |
| - fix: https://github.com/kubernetes-sigs/secrets-store-csi-driver/commit/c2cbb19e2eef16638fa0523383788a4bc22231fd |
