Kubernetes · Kubernetes Secrets Store CSI Driver GCP Plugin · CVE-2020-8567
Name of the Vulnerable Software and Affected Versions:
Kubernetes Secrets Store CSI Driver Vault Plugin versions prior to v0.0.6
Kubernetes Secrets Store CSI Driver Azure Plugin versions prior to v0.0.10
Kubernetes Secrets Store CSI Driver GCP Plugin versions prior to v0.2.0
Description:
The affected provider plugins take the file names under which fetched secrets are written from the SecretProviderClass object and join them onto the pod's volume mount path without checking that the result stays inside that directory. A name carrying path-traversal components such as `..` (or an absolute path) therefore escapes the mount, and because the providers run as node-level DaemonSets with write access to the kubelet's pod directories on the host, an attacker who can create specially-crafted SecretProviderClass objects can make the provider write files to arbitrary paths on the host filesystem, including under /var/lib/kubelet/pods (for example into the volumes of other pods on the same node).
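The containment check that the description implies, shown as an added example rather than any plugin's own code: `UnsafeSecretFilePath` reproduces the pre-fix behaviour (join the requested name onto the mount path and trust the result), while `SecretFilePath` is a hypothetical hardened version that rejects absolute names and anything that resolves outside the mount directory. The function names and the `/var/lib/kubelet/pods/p1/mount` base path are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideTarget is returned when a requested file name would land outside
// the pod's volume mount directory.
var ErrOutsideTarget = errors.New("file path escapes the target directory")

// UnsafeSecretFilePath mirrors the vulnerable pattern: the name taken from the
// SecretProviderClass is joined onto the mount path with no containment check.
// filepath.Join normalises "..", so "../../p2/x" silently walks out of the mount
// into a sibling pod's directory. Hypothetical example, not plugin code.
func UnsafeSecretFilePath(targetPath, fileName string) string {
	return filepath.Join(targetPath, fileName)
}

// SecretFilePath is the hardened counterpart (hypothetical, not plugin code).
// It cleans both sides, refuses absolute names, and only accepts a result that
// is strictly below the cleaned mount directory.
func SecretFilePath(targetPath, fileName string) (string, error) {
	if fileName == "" {
		return "", errors.New("empty file name")
	}
	if filepath.IsAbs(fileName) {
		return "", ErrOutsideTarget
	}
	base := filepath.Clean(targetPath)
	full := filepath.Join(base, fileName) // Join already applies Clean
	// Compare with a trailing separator: a bare HasPrefix(full, base) would
	// accept ".../p1/mount-evil/x" as being inside ".../p1/mount".
	if !strings.HasPrefix(full, base+string(filepath.Separator)) {
		if full == base {
			return "", errors.New("file name resolves to the target directory itself")
		}
		return "", ErrOutsideTarget
	}
	return full, nil
}

func main() {
	base := "/var/lib/kubelet/pods/p1/mount" // constructed mount path
	names := []string{
		"db-password",
		"nested/dir/secret",
		"../../p2/volumes/x", // traversal into another pod's directory
		"../mount-evil/x",    // sibling directory sharing the mount's name prefix
		"/etc/passwd",
		"..",
	}
	for _, name := range names {
		got, err := SecretFilePath(base, name)
		fmt.Printf("%-22q unsafe=%-45s safe=%-50s err=%v\n",
			name, UnsafeSecretFilePath(base, name), got, err)
	}
}
```

The check is purely lexical: it stops `..` and absolute paths from reaching the filesystem layer, which is what this class of bug needs, but it does not protect against a symlink already planted inside the mount directory. If untrusted workloads can write into that directory, resolve the final path with `filepath.EvalSymlinks` (or open it with `openat2` and `RESOLVE_BENEATH` on Linux) and re-run the prefix comparison on the resolved path before writing.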
Recommendations:
For Kubernetes Secrets Store CSI Driver Vault Plugin versions prior to v0.0.6, update to version v0.0.6 or later.
For Kubernetes Secrets Store CSI Driver Azure Plugin versions prior to v0.0.10, update to version v0.0.10 or later.
For Kubernetes Secrets Store CSI Driver GCP Plugin versions prior to v0.2.0, update to version v0.2.0 or later.
As a temporary workaround until the plugins can be upgraded, use RBAC to limit create, update and patch on secretproviderclasses.secrets-store.csi.x-k8s.io to trusted administrators only, since anyone who can create or modify these objects can trigger the write. Also review existing SecretProviderClass objects on affected clusters for file names that are absolute or contain `..` components.