Vulnerability-Lookup

CVE-2023-2878 (GCVE-0-2023-2878)

Vulnerability from cvelistv5 – Published: 2023-06-07 14:35 – Updated: 2025-02-13 16:48

Title

Kubernetes secrets-store-csi-driver discloses service account tokens in logs

Summary

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-532 - Insertion of Sensitive Information into Log File

Assigner

kubernetes

References

URL

Tags

	https://github.com/kubernetes/kubernetes/issues/118419	issue-tracking
	https://groups.google.com/g/kubernetes-security-a…	mailing-list
	https://security.netapp.com/advisory/ntap-2023081…

Impacted products

	Vendor	Product	Version
	Kubernetes	secrets-store-csi-driver	Affected: 0 , < 1.3.3 (semver) Unaffected: 1.3.3

Credits

Tomer Shaiman

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:41:02.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/kubernetes/kubernetes/issues/118419"
          },
          {
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230814-0003/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2878",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-06T21:04:21.178942Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-06T21:04:31.624Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "secrets-store-csi-driver",
          "repo": "https://github.com/kubernetes-sigs/secrets-store-csi-driver",
          "vendor": "Kubernetes",
          "versions": [
            {
              "lessThan": "1.3.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "1.3.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tomer Shaiman"
        }
      ],
      "datePublic": "2023-05-25T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.\u003cbr\u003e"
            }
          ],
          "value": "Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-14T18:06:17.787Z",
        "orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
        "shortName": "kubernetes"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/kubernetes/kubernetes/issues/118419"
        },
        {
          "tags": [
            "mailing-list"
          ],
          "url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230814-0003/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Kubernetes secrets-store-csi-driver discloses service account tokens in logs",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePrior to upgrading, this vulnerability can be mitigated by running secrets-store-csi-driver at log level 0 or 1 via the -v flag.\u003c/p\u003e"
            }
          ],
          "value": "Prior to upgrading, this vulnerability can be mitigated by running secrets-store-csi-driver at log level 0 or 1 via the -v flag."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
    "assignerShortName": "kubernetes",
    "cveId": "CVE-2023-2878",
    "datePublished": "2023-06-07T14:35:10.295Z",
    "dateReserved": "2023-05-24T22:10:01.825Z",
    "dateUpdated": "2025-02-13T16:48:51.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kubernetes:secrets-store-csi-driver:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.3.3\", \"matchCriteriaId\": \"FE39B6E7-61B5-482B-953C-BA5441CD85C7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.\\n\"}]",
      "id": "CVE-2023-2878",
      "lastModified": "2024-11-21T07:59:28.823",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"jordan@liggitt.net\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2023-06-07T15:15:09.377",
      "references": "[{\"url\": \"https://github.com/kubernetes/kubernetes/issues/118419\", \"source\": \"jordan@liggitt.net\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ\", \"source\": \"jordan@liggitt.net\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230814-0003/\", \"source\": \"jordan@liggitt.net\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/kubernetes/kubernetes/issues/118419\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230814-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "jordan@liggitt.net",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"jordan@liggitt.net\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-532\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-532\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-2878\",\"sourceIdentifier\":\"jordan@liggitt.net\",\"published\":\"2023-06-07T15:15:09.377\",\"lastModified\":\"2025-02-13T17:16:23.023\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"jordan@liggitt.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"jordan@liggitt.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:secrets-store-csi-driver:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.3.3\",\"matchCriteriaId\":\"FE39B6E7-61B5-482B-953C-BA5441CD85C7\"}]}]}],\"references\":[{\"url\":\"https://github.com/kubernetes/kubernetes/issues/118419\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230814-0003/\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/kubernetes/kubernetes/issues/118419\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230814-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/kubernetes/kubernetes/issues/118419\", \"tags\": [\"issue-tracking\", \"x_transferred\"]}, {\"url\": \"https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230814-0003/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T06:41:02.447Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-2878\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-06T21:04:21.178942Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-06T21:04:27.938Z\"}}], \"cna\": {\"title\": \"Kubernetes secrets-store-csi-driver discloses service account tokens in logs\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Tomer Shaiman\"}], \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/kubernetes-sigs/secrets-store-csi-driver\", \"vendor\": \"Kubernetes\", \"product\": \"secrets-store-csi-driver\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.3.3\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"1.3.3\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-05-25T04:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/kubernetes/kubernetes/issues/118419\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230814-0003/\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Prior to upgrading, this vulnerability can be mitigated by running secrets-store-csi-driver at log level 0 or 1 via the -v flag.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003ePrior to upgrading, this vulnerability can be mitigated by running secrets-store-csi-driver at log level 0 or 1 via the -v flag.\u003c/p\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-532\", \"description\": \"CWE-532 Insertion of Sensitive Information into Log File\"}]}], \"providerMetadata\": {\"orgId\": \"a6081bf6-c852-4425-ad4f-a67919267565\", \"shortName\": \"kubernetes\", \"dateUpdated\": \"2023-08-14T18:06:17.787Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-2878\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T16:48:51.962Z\", \"dateReserved\": \"2023-05-24T22:10:01.825Z\", \"assignerOrgId\": \"a6081bf6-c852-4425-ad4f-a67919267565\", \"datePublished\": \"2023-06-07T14:35:10.295Z\", \"assignerShortName\": \"kubernetes\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2023-2878

Vulnerability from fkie_nvd - Published: 2023-06-07 15:15 - Updated: 2025-02-13 17:16

Severity ?

6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.

References

URL	Tags
jordan@liggitt.net	https://github.com/kubernetes/kubernetes/issues/118419	Exploit, Issue Tracking
jordan@liggitt.net	https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ	Mailing List
jordan@liggitt.net	https://security.netapp.com/advisory/ntap-20230814-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/kubernetes/kubernetes/issues/118419	Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230814-0003/	Third Party Advisory

Impacted products

	Vendor	Product	Version
	kubernetes	secrets-store-csi-driver	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kubernetes:secrets-store-csi-driver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE39B6E7-61B5-482B-953C-BA5441CD85C7",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs."
    }
  ],
  "id": "CVE-2023-2878",
  "lastModified": "2025-02-13T17:16:23.023",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0,
        "source": "jordan@liggitt.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-07T15:15:09.377",
  "references": [
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://github.com/kubernetes/kubernetes/issues/118419"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Mailing List"
      ],
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20230814-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://github.com/kubernetes/kubernetes/issues/118419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20230814-0003/"
    }
  ],
  "sourceIdentifier": "jordan@liggitt.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "jordan@liggitt.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2023-2878

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.

Aliases

CVE-2023-2878

Aliases

CVE-2023-2878

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-2878",
    "id": "GSD-2023-2878"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-2878"
      ],
      "details": "Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.\n",
      "id": "GSD-2023-2878",
      "modified": "2023-12-13T01:20:31.527858Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@kubernetes.io",
        "ID": "CVE-2023-2878",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "secrets-store-csi-driver",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected",
                            "versions": [
                              {
                                "lessThan": "1.3.3",
                                "status": "affected",
                                "version": "0",
                                "versionType": "semver"
                              },
                              {
                                "status": "unaffected",
                                "version": "1.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Kubernetes"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Tomer Shaiman"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-532",
                "lang": "eng",
                "value": "CWE-532 Insertion of Sensitive Information into Log File"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/kubernetes/kubernetes/issues/118419",
            "refsource": "MISC",
            "url": "https://github.com/kubernetes/kubernetes/issues/118419"
          },
          {
            "name": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ",
            "refsource": "MISC",
            "url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20230814-0003/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20230814-0003/"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      },
      "work_around": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePrior to upgrading, this vulnerability can be mitigated by running secrets-store-csi-driver at log level 0 or 1 via the -v flag.\u003c/p\u003e"
            }
          ],
          "value": "Prior to upgrading, this vulnerability can be mitigated by running secrets-store-csi-driver at log level 0 or 1 via the -v flag.\n\n"
        }
      ]
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003cv1.3.3",
          "affected_versions": "All versions before 1.3.3",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-532",
            "CWE-937"
          ],
          "date": "2023-08-14",
          "description": "Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.",
          "fixed_versions": [
            "v1.3.3"
          ],
          "identifier": "CVE-2023-2878",
          "identifiers": [
            "CVE-2023-2878"
          ],
          "not_impacted": "",
          "package_slug": "go/github.com/kubernetes-sigs/secrets-store-csi-driver",
          "pubdate": "2023-06-07",
          "solution": "Upgrade to version 1.3.3 or above.",
          "title": "Insertion of Sensitive Information into Log File",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-2878",
            "https://github.com/kubernetes/kubernetes/issues/118419",
            "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ"
          ],
          "uuid": "312f3e67-8c7a-4e98-9603-4a5322480a30",
          "versions": [
            {
              "commit": {
                "sha": "c8cfb5043a9839f08cc4fa1fd25268d9ecd880d0",
                "tags": [
                  "v1.3.3"
                ],
                "timestamp": "20230420182910"
              },
              "number": "v1.3.3"
            }
          ]
        },
        {
          "affected_range": "\u003c1.3.3",
          "affected_versions": "All versions before 1.3.3",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2023-05-26",
          "description": "A security issue was discovered in secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when [TokenRequests is configured in the CSIDriver object](https://kubernetes-csi.github.io/docs/token-requests.html) and the driver is set to run at log level 2 or greater via the -v flag.\n\n\nThis issue has been rated MEDIUM [. and assigned CVE-2023-2878\n\n\n### Am I vulnerable?\n\nYou may be vulnerable if [TokenRequests is configured in the CSIDriver object](https://kubernetes-csi.github.io/docs/token-requests.html) and the driver is set to run at log level 2 or greater via the -v flag.\n\n\nTo check if token requests are configured, run the following command:\n\n```bash\nkubectl get csidriver secrets-store.csi.k8s.io -o jsonpath=\"{.spec.tokenRequests}\"\n```\n\nTo check if tokens are being logged, examine the secrets-store container log:\n\n```bash\nkubectl logs -l app=secrets-store-csi-driver -c secrets-store -f | grep --line-buffered \"csi.storage.k8s.io/serviceAccount.tokens\"\n```\n\n### Affected Versions\n\n- secrets-store-csi-driver \u003c 1.3.3\n\n\n### How do I mitigate this vulnerability?\n\nPrior to upgrading, this vulnerability can be mitigated by running secrets-store-csi-driver at log level 0 or 1 via the -v flag.\n\n\n### Fixed Versions\n\n\n- secrets-store-csi-driver \u003e= 1.3.3\n\n\nTo upgrade, refer to the documentation: https://secrets-store-csi-driver.sigs.k8s.io/getting-started/upgrades.html#upgrades\n\n\n### Detection\n\n\nExamine cloud provider logs for unexpected token exchanges, as well as unexpected access to cloud vault secrets.\n\n\nIf you find evidence that this vulnerability has been exploited, please contact [security@kubernetes.io](https://groups.google.com/)\n\n\n### Acknowledgements\n\n\nThis vulnerability was reported by Tomer Shaiman @tshaiman from Microsoft.",
          "fixed_versions": [
            "1.3.3"
          ],
          "identifier": "CVE-2023-2878",
          "identifiers": [
            "GHSA-g82w-58jf-gcxx",
            "CVE-2023-2878"
          ],
          "not_impacted": "All versions starting from 1.3.3",
          "package_slug": "go/sigs.k8s.io/secrets-store-csi-driver",
          "pubdate": "2023-05-26",
          "solution": "Upgrade to version 1.3.3 or above.",
          "title": "secrets-store-csi-driver discloses service account tokens in logs",
          "urls": [
            "https://github.com/kubernetes-sigs/secrets-store-csi-driver/security/advisories/GHSA-g82w-58jf-gcxx",
            "https://github.com/kubernetes-sigs/secrets-store-csi-driver/releases/tag/v1.3.3",
            "https://github.com/advisories/GHSA-g82w-58jf-gcxx"
          ],
          "uuid": "c871460c-a014-4067-b482-c240218aa47b"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:kubernetes:secrets-store-csi-driver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.3.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@kubernetes.io",
          "ID": "CVE-2023-2878"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-532"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/kubernetes/kubernetes/issues/118419",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking"
              ],
              "url": "https://github.com/kubernetes/kubernetes/issues/118419"
            },
            {
              "name": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ",
              "refsource": "MISC",
              "tags": [
                "Mailing List"
              ],
              "url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20230814-0003/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20230814-0003/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-10-02T17:08Z",
      "publishedDate": "2023-06-07T15:15Z"
    }
  }
}

WID-SEC-W-2023-1304

Vulnerability from csaf_certbund - Published: 2023-05-25 22:00 - Updated: 2023-05-25 22:00

Summary

Kubernetes: Schwachstelle ermöglicht Offenlegung von Informationen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Kubernetes ist ein Werkzeug zur Automatisierung der Bereitstellung, Skalierung und Verwaltung von containerisierten Anwendungen.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in Kubernetes ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Kubernetes ist ein Werkzeug zur Automatisierung der Bereitstellung, Skalierung und Verwaltung von containerisierten Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in Kubernetes ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1304 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1304.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1304 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1304"
      },
      {
        "category": "external",
        "summary": "Seclists.org Security Notification vom 2023-05-25",
        "url": "https://seclists.org/oss-sec/2023/q2/198"
      }
    ],
    "source_lang": "en-US",
    "title": "Kubernetes: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2023-05-25T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:51:26.324+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1304",
      "initial_release_date": "2023-05-25T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-05-25T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Kubernetes",
            "product": {
              "name": "Open Source Kubernetes",
              "product_id": "T015097",
              "product_identification_helper": {
                "cpe": "cpe:/a:kubernetes:kubernetes:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-2878",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Kubernetes. Der Fehler besteht im secrets-store-csi-Treiber. Ein lokaler Angreifer mit Zugriff auf die Treiberprotokolle kann diese Schwachstelle ausnutzen, um Dienstkonto-Token zu beobachten. Diese Token k\u00f6nnen dann m\u00f6glicherweise mit externen Cloud-Anbietern ausgetauscht werden, um auf Geheimnisse zuzugreifen, die in Cloud-Tresorl\u00f6sungen gespeichert sind."
        }
      ],
      "product_status": {
        "known_affected": [
          "T015097"
        ]
      },
      "release_date": "2023-05-25T22:00:00.000+00:00",
      "title": "CVE-2023-2878"
    }
  ]
}

GHSA-G82W-58JF-GCXX

Vulnerability from github – Published: 2023-05-26 13:59 – Updated: 2025-02-13 18:57

Summary

secrets-store-csi-driver discloses service account tokens in logs

Details

A security issue was discovered in secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag.

This issue has been rated MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N (6.5), and assigned CVE-2023-2878

Am I vulnerable?

You may be vulnerable if TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag.

To check if token requests are configured, run the following command:

kubectl get csidriver secrets-store.csi.k8s.io -o jsonpath="{.spec.tokenRequests}"

To check if tokens are being logged, examine the secrets-store container log:

kubectl logs -l app=secrets-store-csi-driver -c secrets-store -f | grep --line-buffered "csi.storage.k8s.io/serviceAccount.tokens"

Affected Versions

secrets-store-csi-driver < 1.3.3

How do I mitigate this vulnerability?

Prior to upgrading, this vulnerability can be mitigated by running secrets-store-csi-driver at log level 0 or 1 via the -v flag.

Fixed Versions

secrets-store-csi-driver >= 1.3.3

To upgrade, refer to the documentation: https://secrets-store-csi-driver.sigs.k8s.io/getting-started/upgrades.html#upgrades

Detection

Examine cloud provider logs for unexpected token exchanges, as well as unexpected access to cloud vault secrets.

If you find evidence that this vulnerability has been exploited, please contact security@kubernetes.io

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "sigs.k8s.io/secrets-store-csi-driver"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-2878"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-26T13:59:19Z",
    "nvd_published_at": "2023-06-07T15:15:09Z",
    "severity": "MODERATE"
  },
  "details": "A security issue was discovered in secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens.  These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions.  Tokens are only logged when [TokenRequests is configured in the CSIDriver object](https://kubernetes-csi.github.io/docs/token-requests.html) and the driver is set to run at log level 2 or greater via the -v flag.\n\n\nThis issue has been rated MEDIUM [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) (6.5), and assigned CVE-2023-2878\n\n\n### Am I vulnerable?\n\nYou may be vulnerable if [TokenRequests is configured in the CSIDriver object](https://kubernetes-csi.github.io/docs/token-requests.html) and the driver is set to run at log level 2 or greater via the -v flag.\n\n\nTo check if token requests are configured, run the following command:\n\n```bash\nkubectl get csidriver secrets-store.csi.k8s.io -o jsonpath=\"{.spec.tokenRequests}\"\n```\n\nTo check if tokens are being logged, examine the secrets-store container log:\n\n```bash\nkubectl logs -l app=secrets-store-csi-driver -c secrets-store -f | grep --line-buffered \"csi.storage.k8s.io/serviceAccount.tokens\"\n```\n\n### Affected Versions\n\n- secrets-store-csi-driver \u003c 1.3.3\n\n\n### How do I mitigate this vulnerability?\n\nPrior to upgrading, this vulnerability can be mitigated by running secrets-store-csi-driver at log level 0 or 1 via the -v flag.\n\n\n### Fixed Versions\n\n\n- secrets-store-csi-driver \u003e= 1.3.3\n\n\nTo upgrade, refer to the documentation: https://secrets-store-csi-driver.sigs.k8s.io/getting-started/upgrades.html#upgrades\n\n\n### Detection\n\n\nExamine cloud provider logs for unexpected token exchanges, as well as unexpected access to cloud vault secrets.\n\n\nIf you find evidence that this vulnerability has been exploited, please contact [security@kubernetes.io](https://groups.google.com/)",
  "id": "GHSA-g82w-58jf-gcxx",
  "modified": "2025-02-13T18:57:13Z",
  "published": "2023-05-26T13:59:19Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/security/advisories/GHSA-g82w-58jf-gcxx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2878"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/issues/118419"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/releases/tag/v1.3.3"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230814-0003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "secrets-store-csi-driver discloses service account tokens in logs"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-2878 (GCVE-0-2023-2878)

FKIE_CVE-2023-2878

GSD-2023-2878

WID-SEC-W-2023-1304

GHSA-G82W-58JF-GCXX

Am I vulnerable?

Affected Versions

How do I mitigate this vulnerability?

Fixed Versions

Detection

Tags

Sightings

Nomenclature