Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.
References
| Link | Resource |
|---|---|
| https://github.com/kubernetes/kubernetes/issues/118419 | Exploit Issue Tracking |
| https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ | Mailing List |
| https://security.netapp.com/advisory/ntap-20230814-0003/ | Third Party Advisory |
| https://github.com/kubernetes/kubernetes/issues/118419 | Exploit Issue Tracking |
| https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ | Mailing List |
| https://security.netapp.com/advisory/ntap-20230814-0003/ | Third Party Advisory |
Configurations
History
13 Feb 2025, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. |
21 Nov 2024, 07:59
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/kubernetes/kubernetes/issues/118419 - Exploit, Issue Tracking | |
| References | () https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ - Mailing List | |
| References | () https://security.netapp.com/advisory/ntap-20230814-0003/ - Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
Information
Published : 2023-06-07 15:15
Updated : 2025-02-13 17:16
NVD link : CVE-2023-2878
Mitre link : CVE-2023-2878
CVE.ORG link : CVE-2023-2878
JSON object : View
Products Affected
kubernetes
- secrets-store-csi-driver
CWE
CWE-532
Insertion of Sensitive Information into Log File