Description

A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag.

INFO

Published Date :

2024-05-15T00:42:36.881Z

Last Modified :

2025-02-13T17:52:59.394Z

Source :

kubernetes
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3744 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-3744.

URL Resource
http://www.openwall.com/lists/oss-security/2024/05/09/4 cve-icon cve-icon
https://github.com/kubernetes/kubernetes/issues/124759 cve-icon cve-icon
https://groups.google.com/g/kubernetes-security-announce/c/hcgZE2MQo1A/m/Y4C6q-CYAgAJ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-3744 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-3744 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact