PT-2021-12792 · Kubernetes · Kubernetes Secrets Store Csi Driver Gcp Plugin
Tam7T
Published: 2021-01-21 · Updated: 2024-06-05 · CVE-2020-8567
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Kubernetes Secrets Store CSI Driver Vault Plugin versions prior to v0.0.6
Kubernetes Secrets Store CSI Driver Azure Plugin versions prior to v0.0.10
Kubernetes Secrets Store CSI Driver GCP Plugin versions prior to v0.2.0
Description:
The issue allows an attacker who can create specially crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods. The vulnerability is in the Kubernetes Secrets Store CSI Driver plugins listed above.
Recommendations:
For Kubernetes Secrets Store CSI Driver Vault Plugin versions prior to v0.0.6, update to version v0.0.6 or later.
For Kubernetes Secrets Store CSI Driver Azure Plugin versions prior to v0.0.10, update to version v0.0.10 or later.
For Kubernetes Secrets Store CSI Driver GCP Plugin versions prior to v0.2.0, update to version v0.2.0 or later.
As a temporary workaround, consider restricting the creation of SecretProviderClass objects to minimize the risk of exploitation.
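Applying the workaround starts with knowing who can currently write these objects. The following is an added example, not part of the advisory or of the driver project: it reads Role/ClusterRole and binding lists in `kubectl get ... -o json` form and reports the subjects allowed to write SecretProviderClass objects. The API group `secrets-store.csi.x-k8s.io`, the choice to count `update` and `patch` alongside `create`, and all sample data are assumptions of the example.

```python
import json

GROUP, RESOURCE = "secrets-store.csi.x-k8s.io", "secretproviderclasses"
WRITE_VERBS = {"create", "update", "patch", "*"}  # assumption: edits count as well as creates

def rule_grants_write(rule):
    """True if a single RBAC rule lets its holder create or modify SecretProviderClass objects."""
    return (any(g in ("*", GROUP) for g in rule.get("apiGroups", []))
            and any(r in ("*", RESOURCE) for r in rule.get("resources", []))
            and any(v in WRITE_VERBS for v in rule.get("verbs", [])))

def risky_roles(roles):
    """Set of (kind, namespace, name) for Roles/ClusterRoles containing such a rule."""
    return {(i["kind"], i["metadata"].get("namespace", ""), i["metadata"]["name"])
            for i in roles["items"]
            if any(rule_grants_write(r) for r in i.get("rules") or [])}

def subjects_with_write(roles, bindings):
    """Sorted (subject, scope, role) triples; scope is a namespace or 'cluster-wide'."""
    risky, found = risky_roles(roles), set()
    for b in bindings["items"]:
        ref, ns = b["roleRef"], b["metadata"].get("namespace", "")
        role_ns = "" if ref["kind"] == "ClusterRole" else ns
        if (ref["kind"], role_ns, ref["name"]) in risky:
            scope = ns if b["kind"] == "RoleBinding" else "cluster-wide"
            for s in b.get("subjects") or []:
                found.add((f'{s["kind"]}/{s["name"]}', scope, ref["name"]))
    return sorted(found)

# Constructed sample data, shaped like `kubectl get ... -o json` lists, trimmed to the fields used.
ROLES = json.loads("""{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "wildcard-admin"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "Role", "metadata": {"name": "spc-editor", "namespace": "team-a"},
  "rules": [{"apiGroups": ["secrets-store.csi.x-k8s.io"],
             "resources": ["secretproviderclasses"], "verbs": ["get", "create"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "spc-viewer"},
  "rules": [{"apiGroups": ["secrets-store.csi.x-k8s.io"],
             "resources": ["secretproviderclasses"], "verbs": ["get", "list"]}]}]}""")
BINDINGS = json.loads("""{"items": [
 {"kind": "RoleBinding", "metadata": {"namespace": "team-a"},
  "roleRef": {"kind": "Role", "name": "spc-editor"}, "subjects": [{"kind": "User", "name": "alice"}]},
 {"kind": "RoleBinding", "metadata": {"namespace": "team-b"},
  "roleRef": {"kind": "ClusterRole", "name": "wildcard-admin"}, "subjects": [{"kind": "ServiceAccount", "name": "ci"}]},
 {"kind": "ClusterRoleBinding", "metadata": {},
  "roleRef": {"kind": "ClusterRole", "name": "spc-viewer"}, "subjects": [{"kind": "Group", "name": "auditors"}]}]}""")

if __name__ == "__main__":
    print(*subjects_with_write(ROLES, BINDINGS), sep="\n")
```

On a live cluster, the two inputs can be taken from `kubectl get clusterroles,roles -A -o json` and `kubectl get clusterrolebindings,rolebindings -A -o json`; wildcard roles are reported because they cover the SecretProviderClass resource implicitly.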
Fix
Path traversal
Related Identifiers
Affected Products
Kubernetes Secrets Store Csi Driver Azure Plugin
Kubernetes Secrets Store Csi Driver Gcp Plugin