GO-2024-2861
See a problem?- Source
- https://pkg.go.dev/vuln/GO-2024-2861
- Import Source
- https://vuln.go.dev/ID/GO-2024-2861.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2024-2861
- Aliases
-
- CVE-2024-3744
- GHSA-qjqg-4wg7-957h
- Published
- 2024-06-04T15:19:21Z
- Modified
- 2024-06-28T15:28:40Z
- Summary
- azure-file-csi-driver leaks service account tokens in the logs in sigs.k8s.io/azurefile-csi-driver
- Details
-
azure-file-csi-driver leaks service account tokens in the logs in sigs.k8s.io/azurefile-csi-driver
- References
-
- https://github.com/advisories/GHSA-qjqg-4wg7-957h
- https://nvd.nist.gov/vuln/detail/CVE-2024-3744
- http://www.openwall.com/lists/oss-security/2024/05/09/4
- https://github.com/kubernetes-sigs/azurefile-csi-driver/commit/a1b7446de942136419f07394efeef804523f87ae
- https://github.com/kubernetes-sigs/azurefile-csi-driver/commit/e11ff3dc2c03894cde692213308f9991e7bbd5bf
- https://github.com/kubernetes/kubernetes/issues/124759
- https://groups.google.com/g/kubernetes-security-announce/c/hcgZE2MQo1A/m/Y4C6q-CYAgAJ
Affected packages
Go / sigs.k8s.io/azurefile-csi-driver
Package
- Name
- sigs.k8s.io/azurefile-csi-driver
- View open source insights on deps.dev
- Purl
- pkg:golang/sigs.k8s.io/azurefile-csi-driver