6.5

CVE-2023-2878

Exploit

Kubernetes secrets-store-csi-driver discloses service account tokens in logs

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.37% 0.288
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
jordan@liggitt.net 6.5 2 4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://github.com/kubernetes/kubernetes/issues/118419
Exploit
Issue Tracking
https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ
Mailing List
https://security.netapp.com/advisory/ntap-20230814-0003/
Third Party Advisory