CVE-2019-11255

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:kubernetes:external-provisioner:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:external-provisioner:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:external-provisioner:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:external-provisioner:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:external-resizer:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:external-snapshotter:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:external-snapshotter:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:external-snapshotter:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*

Information

Published : 2019-12-05 08:15

Updated : 2020-08-10 05:15


NVD link : CVE-2019-11255

Mitre link : CVE-2019-11255


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

kubernetes

  • external-resizer
  • external-snapshotter
  • external-provisioner

redhat

  • openshift_container_platform