| id: GO-2022-0629 |
| modules: |
| - module: sigs.k8s.io/secrets-store-csi-driver |
| versions: |
| - introduced: 0.0.15 |
| - fixed: 0.0.17 |
| vulnerable_at: 0.0.16 |
| packages: |
| - package: sigs.k8s.io/secrets-store-csi-driver/controllers |
| symbols: |
| - SecretProviderClassPodStatusReconciler.Reconcile |
| - package: sigs.k8s.io/secrets-store-csi-driver/pkg/rotation |
| symbols: |
| - Reconciler.reconcile |
| derived_symbols: |
| - Reconciler.Run |
| - package: sigs.k8s.io/secrets-store-csi-driver/pkg/secrets-store |
| symbols: |
| - nodeServer.NodeUnpublishVolume |
| derived_symbols: |
| - SecretsStore.Run |
| summary: Directory traversal in sigs.k8s.io/secrets-store-csi-driver |
| description: |- |
| Modifying pod status allows host directory traversal. |
| |
| Kubernetes Secrets Store CSI Driver allows an attacker who can modify a |
| SecretProviderClassPodStatus/Status resource the ability to write content to the |
| host filesystem and sync file contents to Kubernetes Secrets. This includes |
| paths under var/lib/kubelet/pods that contain other Kubernetes Secrets. |
| published: 2022-02-15T01:57:18Z |
| cves: |
| - CVE-2020-8568 |
| ghsas: |
| - GHSA-5cgx-vhfp-6cf9 |
| credits: |
| - tam7t (Tommy Murphy) |
| references: |
| - fix: https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/371 |
| - fix: https://github.com/kubernetes-sigs/secrets-store-csi-driver/commit/c2cbb19e2eef16638fa0523383788a4bc22231fd |
| review_status: REVIEWED |