Vulnerability Database
Blog
FAQ
Docs
GO-2024-2861
See a problem?
Source
https://pkg.go.dev/vuln/GO-2024-2861
Import Source
https://vuln.go.dev/ID/GO-2024-2861.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2024-2861
Aliases
CVE-2024-3744
GHSA-qjqg-4wg7-957h
Published
2024-06-04T15:19:21Z
Modified
2024-06-28T15:28:40Z
Summary
azure-file-csi-driver leaks service account tokens in the logs in sigs.k8s.io/azurefile-csi-driver
Details
azure-file-csi-driver leaks service account tokens in the logs in sigs.k8s.io/azurefile-csi-driver
References
https://github.com/advisories/GHSA-qjqg-4wg7-957h
https://nvd.nist.gov/vuln/detail/CVE-2024-3744
http://www.openwall.com/lists/oss-security/2024/05/09/4
https://github.com/kubernetes-sigs/azurefile-csi-driver/commit/a1b7446de942136419f07394efeef804523f87ae
https://github.com/kubernetes-sigs/azurefile-csi-driver/commit/e11ff3dc2c03894cde692213308f9991e7bbd5bf
https://github.com/kubernetes/kubernetes/issues/124759
https://groups.google.com/g/kubernetes-security-announce/c/hcgZE2MQo1A/m/Y4C6q-CYAgAJ
Affected packages
Go
/
sigs.k8s.io/azurefile-csi-driver
Package
Name
sigs.k8s.io/azurefile-csi-driver
View open source insights on deps.dev
Purl
pkg:golang/sigs.k8s.io/azurefile-csi-driver
Affected ranges
Type
SEMVER
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1.29.4
Introduced
1.30.0
Fixed
1.30.1
GO-2024-2861 - OSV