Arbitrary File Write Vulnerability in Kubernetes Secrets Store CSI Driver Vault Plugin, Azure Plugin, and GCP Plugin

CVE-2020-8567 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
