Keda · Keda · CVE-2025-68476
**Name of the Vulnerable Software and Affected Versions**
KEDA 2.17.x versions prior to 2.17.3
KEDA 2.18.x versions prior to 2.18.3
**Description**
KEDA is a Kubernetes-based Event Driven Autoscaling component. A flaw in KEDA allows an attacker who can create or modify a TriggerAuthentication resource to read any file that the KEDA operator pod can read on the node where it runs. The cause is insufficient path validation when KEDA loads the Service Account Token file named in `spec.hashiCorpVault.credential.serviceAccount`: the configured path is used as-is, so it can point at a file other than the projected service-account token. Because the same TriggerAuthentication also specifies the Vault address, the attacker can point KEDA at a server they control, and the file's contents are sent to that server as the token in the Vault authentication request. This exfiltrates whatever the pod can read, for example mounted secrets, keys, or files such as /etc/passwd. The issue affects any KEDA resource that uses a TriggerAuthentication with HashiCorp Vault authentication.
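The following Go program is an added illustration of the path-validation problem described above and of one way to harden it; it is not KEDA's code or KEDA's actual patch. `loadTokenUnchecked` mirrors the vulnerable pattern (the configured path is read directly), and `LoadServiceAccountToken` restricts the path to a fixed allowed directory, resolves symlinks on both the directory and the file so a link planted inside the directory cannot escape it, and requires a regular file. The allowed directory, the function names, and the projected-volume layout used for the check are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// AllowedTokenDir is the only directory from which this example will load a
// service-account token. The projected-token location is a Kubernetes default;
// using it as a hard allow-list is an assumption of this example, not KEDA's
// actual patch.
const AllowedTokenDir = "/var/run/secrets/kubernetes.io/serviceaccount"

var ErrTokenPathOutsideAllowedDir = errors.New(
	"service account token path resolves outside the allowed directory")

// loadTokenUnchecked shows the vulnerable pattern: the path taken from the
// TriggerAuthentication object is handed straight to the filesystem, so any
// file the KEDA pod can read becomes the "token" that is posted to the Vault
// address the same object specifies.
func loadTokenUnchecked(configured string) (string, error) {
	b, err := os.ReadFile(configured)
	if err != nil {
		return "", err
	}
	return strings.TrimSpace(string(b)), nil
}

// within reports whether p lies strictly inside dir (both already cleaned).
func within(dir, p string) bool {
	rel, err := filepath.Rel(dir, p)
	if err != nil {
		return false
	}
	return rel != "." && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// ValidateTokenPath is the lexical check: the path must be absolute and, once
// ".." segments are collapsed by Clean, must still sit inside allowedDir.
func ValidateTokenPath(allowedDir, configured string) (string, error) {
	if !filepath.IsAbs(configured) {
		return "", fmt.Errorf("token path %q must be absolute", configured)
	}
	clean := filepath.Clean(configured)
	if !within(filepath.Clean(allowedDir), clean) {
		return "", ErrTokenPathOutsideAllowedDir
	}
	return clean, nil
}

// LoadServiceAccountToken is the hardened loader: lexical check, then symlink
// resolution of both the directory and the file so a link planted inside the
// directory cannot point back out, then a regular-file check before reading.
// Resolving the directory as well keeps the ..data symlink layout used by
// Kubernetes projected volumes working.
func LoadServiceAccountToken(allowedDir, configured string) (string, error) {
	clean, err := ValidateTokenPath(allowedDir, configured)
	if err != nil {
		return "", err
	}
	resolvedDir, err := filepath.EvalSymlinks(allowedDir)
	if err != nil {
		return "", fmt.Errorf("resolving allowed directory: %w", err)
	}
	resolved, err := filepath.EvalSymlinks(clean)
	if err != nil {
		return "", fmt.Errorf("resolving token path: %w", err)
	}
	if !within(resolvedDir, resolved) {
		return "", ErrTokenPathOutsideAllowedDir
	}
	info, err := os.Stat(resolved)
	if err != nil {
		return "", err
	}
	if !info.Mode().IsRegular() {
		return "", fmt.Errorf("token path %q is not a regular file", configured)
	}
	b, err := os.ReadFile(resolved)
	if err != nil {
		return "", err
	}
	return strings.TrimSpace(string(b)), nil
}

func main() {
	// Usage: go run . [configured-path]; defaults to the projected token path.
	configured := filepath.Join(AllowedTokenDir, "token")
	if len(os.Args) > 1 {
		configured = os.Args[1]
	}
	if _, err := LoadServiceAccountToken(AllowedTokenDir, configured); err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Println("accepted:", configured)
}
```

Run inside a pod with `go run . /etc/passwd` and the hardened loader rejects the path at the lexical step; `go run . /var/run/secrets/kubernetes.io/serviceaccount/escape` (a symlink planted in the directory) is rejected only after symlink resolution, which is why the lexical check alone is not enough. The `..data` indirection of projected volumes passes because the directory and the file are resolved with the same function before the containment check.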
**Recommendations**
Update KEDA 2.17.x to version 2.17.3 or later.
Update KEDA 2.18.x to version 2.18.3 or later.
Until the upgrade is applied, treat permission to create or modify TriggerAuthentication resources as equivalent to read access to the KEDA operator pod's filesystem, and review the RBAC bindings that grant it.