CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8567

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.2%

CVSS Severity

CVSS v3 Score 4.9

CVSS v2 Score 4.0

References

Products affected by CVE-2020-8567

Google » Secret Manager Provider For Secret Store Csi Driver » Version: N/A

cpe:2.3:a:google:secret_manager_provider_for_secret_store_csi_driver:-
Hashicorp » Vault Provider For Secrets Store Csi Driver » Version: N/A

cpe:2.3:a:hashicorp:vault_provider_for_secrets_store_csi_driver:-
Microsoft » Azure Key Vault Provider For Secrets Store Csi Driver » Version: N/A

cpe:2.3:a:microsoft:azure_key_vault_provider_for_secrets_store_csi_driver:-
Microsoft » Azure Key Vault Provider For Secrets Store Csi Driver » Version: 0.0.1

cpe:2.3:a:microsoft:azure_key_vault_provider_for_secrets_store_csi_driver:0.0.1
Microsoft » Azure Key Vault Provider For Secrets Store Csi Driver » Version: 0.0.2

cpe:2.3:a:microsoft:azure_key_vault_provider_for_secrets_store_csi_driver:0.0.2
Microsoft » Azure Key Vault Provider For Secrets Store Csi Driver » Version: 0.0.3

cpe:2.3:a:microsoft:azure_key_vault_provider_for_secrets_store_csi_driver:0.0.3
Microsoft » Azure Key Vault Provider For Secrets Store Csi Driver » Version: 0.0.4

cpe:2.3:a:microsoft:azure_key_vault_provider_for_secrets_store_csi_driver:0.0.4
Microsoft » Azure Key Vault Provider For Secrets Store Csi Driver » Version: 0.0.5

cpe:2.3:a:microsoft:azure_key_vault_provider_for_secrets_store_csi_driver:0.0.5
Microsoft » Azure Key Vault Provider For Secrets Store Csi Driver » Version: 0.0.6

cpe:2.3:a:microsoft:azure_key_vault_provider_for_secrets_store_csi_driver:0.0.6
Microsoft » Azure Key Vault Provider For Secrets Store Csi Driver » Version: 0.0.7

cpe:2.3:a:microsoft:azure_key_vault_provider_for_secrets_store_csi_driver:0.0.7
Microsoft » Azure Key Vault Provider For Secrets Store Csi Driver » Version: 0.0.8

cpe:2.3:a:microsoft:azure_key_vault_provider_for_secrets_store_csi_driver:0.0.8
Microsoft » Azure Key Vault Provider For Secrets Store Csi Driver » Version: 0.0.9

cpe:2.3:a:microsoft:azure_key_vault_provider_for_secrets_store_csi_driver:0.0.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8567

Products

Pricing

Contact Us