CVE-2020-8568 - OpenCVE

Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kubernetes	Secrets Store Csi Driver

Configuration 1 [-]

OR	cpe:2.3:a:kubernetes:secrets_store_csi_driver:0.0.15:::::::*
	cpe:2.3:a:kubernetes:secrets_store_csi_driver:0.0.16:::::::*

No data.

References

Link	Providers
https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378
https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4

History

No history.

MITRE

Status: PUBLISHED

Assigner: kubernetes

Published: 2021-01-21T17:09:21.450754Z

Updated: 2024-09-17T03:28:40.493Z

Reserved: 2020-02-03T00:00:00

Link: CVE-2020-8568

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-01-21T17:15:14.157

Modified: 2021-01-28T21:23:38.057

Link: CVE-2020-8568

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Kubernetes Secrets Store CSI Driver", "vendor": "Kubernetes", "versions": [{"status": "affected", "version": "Kubernetes Secrets Store CSI Driver v0.0.15"}, {"status": "affected", "version": "Kubernetes Secrets Store CSI Driver v0.0.16"}]}], "credits": [{"lang": "en", "value": "Tommy Murphy of Google"}], "datePublic": "2020-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-24", "description": "CWE-24 Path Traversal: '../filedir'", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-21T17:09:21", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"}], "source": {"defect": ["https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"], "discovery": "INTERNAL"}, "title": "Kubernetes Secrets Store CSI Driver sync/rotate directory traversal", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "2020-11-10T21:00:00.000Z", "ID": "CVE-2020-8568", "STATE": "PUBLIC", "TITLE": "Kubernetes Secrets Store CSI Driver sync/rotate directory traversal"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubernetes Secrets Store CSI Driver", "version": {"version_data": [{"version_affected": "=", "version_name": "Kubernetes Secrets Store CSI Driver", "version_value": "v0.0.15"}, {"version_affected": "=", "version_name": "Kubernetes Secrets Store CSI Driver", "version_value": "v0.0.16"}]}}]}, "vendor_name": "Kubernetes"}]}}, "credit": [{"lang": "eng", "value": "Tommy Murphy of Google"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-24 Path Traversal: '../filedir'"}]}, {"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4", "refsource": "MISC", "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4"}, {"name": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378", "refsource": "MISC", "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"}]}, "source": {"defect": ["https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:03:46.239Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"}]}]}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2020-8568", "datePublished": "2021-01-21T17:09:21.450754Z", "dateReserved": "2020-02-03T00:00:00", "dateUpdated": "2024-09-17T03:28:40.493Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:secrets_store_csi_driver:0.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "5567203F-A177-45D9-B39F-6AC0911958AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:secrets_store_csi_driver:0.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "22A008F1-C37F-47FA-ADED-BB60EBE9A06C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets."}, {"lang": "es", "value": "Kubernetes Secrets Store CSI Driver versiones v0.0.15 y v0.0.16, permiten a un atacante que pueda modificar un recurso SecretProviderClassPodStatus/Status la capacidad de escribir contenido en el sistema de archivos del host y sincronizar el contenido del archivo con Kubernetes Secrets. Esto incluye rutas en la biblioteca var/lib/kubelet/pods que contienen otros secretos de Kubernetes"}], "id": "CVE-2020-8568", "lastModified": "2021-01-28T21:23:38.057", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.0, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2021-01-21T17:15:14.157", "references": [{"source": "jordan@liggitt.net", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"}, {"source": "jordan@liggitt.net", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-24"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}