sigs.k8s.io/secrets-store-csi-driver

Go2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting sigs.k8s.io/secrets-store-csi-driverpage 1 of 1

CVE-2020-8568MEDIUMCVSS 5.8EG 5.8✓ Fixed in 0.0.17
2021-01-21
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secre…
CVE-2023-2878MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.3.3
2023-06-07
Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.

Check whether sigs.k8s.io/secrets-store-csi-driver is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for sigs.k8s.io/secrets-store-csi-driver CVEs against the assets you own.

Start Free Scan →