CVE-2023-2878

low-risk

Published 2023-06-07

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

LOCAL / LOW complexity

Secrets-Store-Csi-Driver

Kubernetes

Exploit https://github.com/kubernetes/kubernetes/issues/118419

Mailing List https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YU...

Third Party Advisory https://security.netapp.com/advisory/ntap-20230814-0003/

Exploit https://github.com/kubernetes/kubernetes/issues/118419

Mailing List https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YU...

Third Party Advisory https://security.netapp.com/advisory/ntap-20230814-0003/

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal