CVE-2020-8567: Kubernetes Secrets Store CSI Driver plugin directory traversals
First published: Thu Jan 21 2021(Updated: )
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
Credit: jordan@liggitt.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| go/github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp | <0.2.0 | 0.2.0 |
| go/github.com/Azure/secrets-store-csi-driver-provider-azure | <0.0.10 | 0.0.10 |
| go/github.com/hashicorp/vault-csi-provider | <0.0.6 | 0.0.6 |
| Google Secret Manager Provider for Secret Store CSI Driver | <0.2.0 | |
| HashiCorp Vault | <0.0.6 | |
| Microsoft Azure Key Vault Provider For Secrets Store Csi Driver | <0.0.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384
- https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY
- https://nvd.nist.gov/vuln/detail/CVE-2020-8567
- https://github.com/Azure/secrets-store-csi-driver-provider-azure/pull/298
- https://github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp/pull/74
- https://github.com/hashicorp/secrets-store-csi-driver-provider-vault/pull/50
- https://github.com/advisories/GHSA-2v35-wj4r-rcmv (Advisory)
Frequently Asked Questions
What is the severity of CVE-2020-8567?
CVE-2020-8567 is classified as a high-severity vulnerability due to its potential for remote file system access.
How do I fix CVE-2020-8567?
To remediate CVE-2020-8567, upgrade to versions 0.0.6, 0.0.10, or 0.2.0 of the affected Kubernetes Secrets Store CSI Driver plugins.
What are the affected versions in CVE-2020-8567?
CVE-2020-8567 affects the Hashicorp Vault Provider for Secrets Store CSI Driver prior to version 0.0.6, Azure Key Vault Provider prior to version 0.0.10, and GCP provider prior to version 0.2.0.
What can an attacker do with CVE-2020-8567?
An attacker exploiting CVE-2020-8567 can create malicious SecretProviderClass objects, allowing them to write to arbitrary file paths on the host filesystem.
Which software is vulnerable according to CVE-2020-8567?
Software vulnerable to CVE-2020-8567 includes Hashicorp Vault Provider, Microsoft Azure Key Vault Provider, and Google Secret Manager Provider for Secrets Store CSI Driver.
- agent/weakness
- agent/references
- agent/remedy
- agent/severity
- agent/type
- agent/softwarecombine
- agent/description
- agent/title
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-2v35-wj4r-rcmv
- alias/CVE-2020-8567
- agent/software-canonical-lookup
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- agent/author
- package-manager/go
- vendor/google
- canonical/google secret manager provider for secret store csi driver
- vendor/hashicorp
- canonical/hashicorp vault
- vendor/microsoft
- canonical/microsoft azure key vault provider for secrets store csi driver