| id: GO-2024-2861 |
| modules: |
| - module: sigs.k8s.io/azurefile-csi-driver |
| versions: |
| - fixed: 1.29.4 |
| - introduced: 1.30.0 |
| - fixed: 1.30.1 |
| vulnerable_at: 1.30.0 |
| summary: azure-file-csi-driver leaks service account tokens in the logs in sigs.k8s.io/azurefile-csi-driver |
| cves: |
| - CVE-2024-3744 |
| ghsas: |
| - GHSA-qjqg-4wg7-957h |
| references: |
| - advisory: https://github.com/advisories/GHSA-qjqg-4wg7-957h |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-3744 |
| - web: http://www.openwall.com/lists/oss-security/2024/05/09/4 |
| - web: https://github.com/kubernetes-sigs/azurefile-csi-driver/commit/a1b7446de942136419f07394efeef804523f87ae |
| - web: https://github.com/kubernetes-sigs/azurefile-csi-driver/commit/e11ff3dc2c03894cde692213308f9991e7bbd5bf |
| - web: https://github.com/kubernetes/kubernetes/issues/124759 |
| - web: https://groups.google.com/g/kubernetes-security-announce/c/hcgZE2MQo1A/m/Y4C6q-CYAgAJ |
| source: |
| id: GHSA-qjqg-4wg7-957h |
| created: 2024-06-26T14:07:32.476769-04:00 |
| review_status: UNREVIEWED |
