CVE-2023-2878

Summary

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.

Affected Software

VendorProductVersion RangeStatus
Kubernetessecrets-store-csi-driver0 < 1.3.3affected
Kubernetessecrets-store-csi-driver1.3.3unaffected

Weaknesses

  • CWE-532: CWE-532 Insertion of Sensitive Information into Log File

Workarounds

Prior to upgrading, this vulnerability can be mitigated by running secrets-store-csi-driver at log level 0 or 1 via the -v flag.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References