CVE-2019-11255
published 2019-12-05CVE-2019-11255: Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter…
medium6.5CVSS 3.1
AVNACLPRHUINSUCHIHAN
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | kubernetes-csi_external-provisioner | >= 0 < 0.4.3 | 0.4.3 |
| github.com | kubernetes-csi_external-provisioner | >= 1.0.0 < 1.0.2 | 1.0.2 |
| github.com | kubernetes-csi_external-provisioner | >= 1.2.0 < 1.2.2 | 1.2.2 |
| github.com | kubernetes-csi_external-provisioner | >= 1.3.0 < 1.3.1 | 1.3.1 |
| github.com | kubernetes-csi_external-snapshotter_v6 | >= 1.0.0 < 1.0.2 | 1.0.2 |
| github.com | kubernetes-csi_external-snapshotter_v6 | >= 1.2.0 < 1.2.2 | 1.2.2 |
| kubernetes | external-provisioner | — | — |
| kubernetes | external-provisioner | 0.4.1 – 0.4.2 | — |
| kubernetes | external-provisioner | 1.0.0 – 1.0.1 | — |
| kubernetes | external-provisioner | 1.1.0 – 1.2.1 | — |
| kubernetes | external-resizer | 0.1.0 – 0.2.0 | — |
| kubernetes | external-snapshotter | 0.4.0 – 0.4.1 | — |
| kubernetes | external-snapshotter | 1.0.0 – 1.0.1 | — |
| kubernetes | external-snapshotter | 1.1.0 – 1.2.1 | — |
| kubernetes | kubernetes-csi_external-provisioner | — | — |
| kubernetes | kubernetes-csi_external-provisioner | — | — |
| kubernetes | kubernetes-csi_external-provisioner | — | — |
| kubernetes | kubernetes-csi_external-provisioner | — | — |
| kubernetes | kubernetes-csi_external-provisioner | >= v1.14 < prior to 0.4.3 | prior to 0.4.3 |
| kubernetes | kubernetes-csi_external-resizer | — | — |
| kubernetes | kubernetes-csi_external-resizer | — | — |
| kubernetes | kubernetes-csi_external-snapshotter | — | — |
| kubernetes | kubernetes-csi_external-snapshotter | — | — |
| kubernetes | kubernetes-csi_external-snapshotter | — | — |
| kubernetes | kubernetes-csi_external-snapshotter | — | — |