VYPR
Moderate severityNVD Advisory· Published Dec 5, 2019· Updated Sep 16, 2024

Kubernetes CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation

CVE-2019-11255

Description

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/kubernetes-csi/external-provisionerGo
< 0.4.30.4.3
github.com/kubernetes-csi/external-provisionerGo
>= 1.0.0, < 1.0.21.0.2
github.com/kubernetes-csi/external-provisionerGo
>= 1.2.0, < 1.2.21.2.2
github.com/kubernetes-csi/external-provisionerGo
>= 1.3.0, < 1.3.11.3.1
github.com/kubernetes-csi/external-snapshotter/v6Go
>= 1.0.0, < 1.0.21.0.2
github.com/kubernetes-csi/external-snapshotter/v6Go
>= 1.2.0, < 1.2.21.2.2

Affected products

162

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.