Skip to content

Vulnerability in k8sgpt project #1598

Description

@ankitdn

While working on k8sgpt project, I found a vulnerability in github.com/kedacore/keda/v2.
The scan reported an Arbitrary File Read vulnerability affecting KEDA’s TriggerAuthentication configuration when used with HashiCorp Vault. Due to insufficient path validation when loading the Service Account Token, an attacker with permission to create or modify TriggerAuthentication resources could potentially read arbitrary files from the node filesystem.

CVE Link
CVE Report

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Proposed

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions