sigs.k8s.io/secrets-store-csi-driver (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package sigs.k8s.io/secrets-store-csi-driver, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2023-2878 — CVSS 6.5 (medium): Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.
CVE-2020-8568 — CVSS 5.8 (medium): Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status…