Описание
Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.
A flaw was found in the Kubernetes Secrets Store CSI Driver that could allow a local authenticated attacker to obtain sensitive information, caused by the storage of sensitive information in the log file. By gaining access to the log file, an attacker could obtain service account tokens information and use this information to launch further attacks against the affected system.
Отчет
No Red Hat product includes code from secrets-store-csi-driver.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 4 | openshift | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.
secrets-store-csi-driver discloses service account tokens in logs
Уязвимость драйвера secrets-store-csi-driver программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
6.5 Medium
CVSS3