6.5

CVE-2019-11255

Kubernetes CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KubernetesExternal-provisioner Version >= 0.4.1 <= 0.4.2
KubernetesExternal-provisioner Version >= 1.0.0 <= 1.0.1
KubernetesExternal-provisioner Version >= 1.1.0 <= 1.2.1
KubernetesExternal-provisioner Version1.3.0
KubernetesExternal-resizer Version >= 0.1.0 <= 0.2.0
KubernetesExternal-snapshotter Version >= 0.4.0 <= 0.4.1
KubernetesExternal-snapshotter Version >= 1.0.0 <= 1.0.1
KubernetesExternal-snapshotter Version >= 1.1.0 <= 1.2.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.76% 0.753
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 1.2 5.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:P/I:P/A:N
jordan@liggitt.net 4.8 0.5 4.2
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHSA-2019:4054
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4096
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4099
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4225
Third Party Advisory
https://github.com/kubernetes/kubernetes/issues/85233
Third Party Advisory
Mitigation
https://groups.google.com/forum/#%21topic/kubernetes-security-announce/aXiYN0q4uIw
https://security.netapp.com/advisory/ntap-20200810-0003/