PT-2023-3262 · Kubernetes · Secrets-Store-Csi-Driver

Tomer Shaiman

+1

·

Published

2023-05-25

·

Updated

2024-08-20

·

CVE-2023-2878

CVSS v3.1

6.5

Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: secrets-store-csi-driver versions prior to 1.3.3

Description: The issue is related to insufficient protection of registration data in the secrets-store-csi-driver component of Kubernetes. This can allow an attacker to gain unauthorized access to protected information. Specifically, service account tokens are disclosed in logs. The tokens could potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag.

Recommendations: To mitigate this vulnerability, run secrets-store-csi-driver at log level 0 or 1 via the -v flag. Upgrade to secrets-store-csi-driver version 1.3.3 or later, referring to the documentation for upgrade instructions.
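The advisory states three conditions that must all hold for tokens to reach the logs: a driver older than 1.3.3, tokenRequests set on the CSIDriver object, and klog verbosity of 2 or more. The following check, added here as an example and not taken from the advisory or from the project's own code, evaluates those conditions against parsed manifests; the container name `secrets-store`, the image path and the sample args are assumptions, and the manifests are constructed inline.

```python
import re

FIXED_VERSION = (1, 3, 3)  # first release with the fix, per the advisory

def driver_version(image):
    """Parse the image tag (e.g. ':v1.3.2') into a version tuple; None if untagged."""
    m = re.search(r":v?(\d+)\.(\d+)\.(\d+)", image)
    return tuple(int(x) for x in m.groups()) if m else None

def log_level(args):
    """Return the klog verbosity from container args (-v=2, --v=2 or -v 2); default 0."""
    level = 0
    for i, arg in enumerate(args):
        m = re.fullmatch(r"--?v(?:=(\d+))?", arg)
        if m and m.group(1):
            level = int(m.group(1))
        elif m and i + 1 < len(args) and args[i + 1].isdigit():
            level = int(args[i + 1])
    return level

def assess(csidriver, daemonset):
    """Combine the advisory's three conditions into one verdict."""
    token_requests = bool(csidriver.get("spec", {}).get("tokenRequests"))
    containers = daemonset["spec"]["template"]["spec"]["containers"]
    driver = next(c for c in containers if c["name"] == "secrets-store")  # assumed name
    version = driver_version(driver["image"])
    verbosity = log_level(driver.get("args", []))
    outdated = version is None or version < FIXED_VERSION  # unknown tag treated as outdated
    return {
        "token_requests": token_requests,
        "verbosity": verbosity,
        "outdated": outdated,
        "exposed": token_requests and verbosity >= 2 and outdated,
    }

# Constructed sample manifests (already parsed into dicts), not taken from a real cluster.
CSIDRIVER = {"spec": {"tokenRequests": [{"audience": "example.invalid"}]}}

def sample_daemonset(image, args):
    return {"spec": {"template": {"spec": {"containers": [
        {"name": "secrets-store", "image": image, "args": args}]}}}}

IMAGE = "registry.k8s.io/csi-secrets-store/driver"  # assumed image path
VULNERABLE = sample_daemonset(IMAGE + ":v1.3.2", ["--endpoint=unix:///csi/csi.sock", "-v=5"])
MITIGATED = sample_daemonset(IMAGE + ":v1.3.2", ["--endpoint=unix:///csi/csi.sock", "-v=1"])
PATCHED = sample_daemonset(IMAGE + ":v1.3.3", ["--endpoint=unix:///csi/csi.sock", "-v=5"])

if __name__ == "__main__":
    for name, ds in [("vulnerable", VULNERABLE), ("mitigated", MITIGATED), ("patched", PATCHED)]:
        print(name, assess(CSIDRIVER, ds))
```

Only the first sample is flagged: lowering -v to 1 or upgrading to 1.3.3 each clears the exposed verdict, matching the two recommendations above.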

Exploit

Fix

Insertion into Log File


Weakness Enumeration

Related identifiers

BDU:2023-03383
CVE-2023-2878
GHSA-G82W-58JF-GCXX
GO-2023-1793

Affected products

Secrets-Store-Csi-Driver