
Tshaiman

Researcher at Microsoft
#41363 of 53,635
6.5 total CVSS
Vulnerabilities · 1
PT-2023-3262
6.5
2023-05-25
Kubernetes · Secrets-Store-Csi-Driver · CVE-2023-2878
**Name of the Vulnerable Software and Affected Versions**

secrets-store-csi-driver versions prior to 1.3.3

**Description**

The issue is related to insufficient protection of registration data in the secrets-store-csi-driver component of Kubernetes. This can allow an attacker to gain unauthorized access to protected information. Specifically, service account tokens are disclosed in logs. The tokens could potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when `TokenRequests` is configured in the `CSIDriver` object and the driver is set to run at log level 2 or greater via the `-v` flag.

**Recommendations**

To mitigate this vulnerability, run secrets-store-csi-driver at log level 0 or 1 via the `-v` flag. Upgrade to secrets-store-csi-driver version 1.3.3 or later, referring to the documentation for upgrade instructions.