CVE-2019-11255

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
kubernetesCNA
4.8 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
kubernetesexternal-provisioner
0.4.1 ≤
𝑥
≤ 0.4.2
kubernetesexternal-provisioner
1.0.0 ≤
𝑥
≤ 1.0.1
kubernetesexternal-provisioner
1.1.0 ≤
𝑥
≤ 1.2.1
kubernetesexternal-provisioner
1.3.0
kubernetesexternal-resizer
0.1.0 ≤
𝑥
≤ 0.2.0
kubernetesexternal-snapshotter
0.4.0 ≤
𝑥
≤ 0.4.1
kubernetesexternal-snapshotter
1.0.0 ≤
𝑥
≤ 1.0.1
kubernetesexternal-snapshotter
1.1.0 ≤
𝑥
≤ 1.2.1
redhatopenshift_container_platform
3.11
redhatopenshift_container_platform
4.1
redhatopenshift_container_platform
4.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2019:4054
https://access.redhat.com/errata/RHSA-2019:4096
https://access.redhat.com/errata/RHSA-2019:4099
https://access.redhat.com/errata/RHSA-2019:4225
https://github.com/kubernetes/kubernetes/issues/85233
https://groups.google.com/forum/#%21topic/kubernetes-security-announce/aXiYN0q4uIw
https://security.netapp.com/advisory/ntap-20200810-0003/
https://access.redhat.com/errata/RHSA-2019:4054
https://access.redhat.com/errata/RHSA-2019:4096
https://access.redhat.com/errata/RHSA-2019:4099
https://access.redhat.com/errata/RHSA-2019:4225
https://github.com/kubernetes/kubernetes/issues/85233
https://groups.google.com/forum/#%21topic/kubernetes-security-announce/aXiYN0q4uIw
https://security.netapp.com/advisory/ntap-20200810-0003/