CVE-2019-11255

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:kubernetes:external-provisioner:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:external-provisioner:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:external-provisioner:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:external-provisioner:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:external-resizer:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:external-snapshotter:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:external-snapshotter:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:external-snapshotter:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-12-05 16:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-11255

Mitre link : CVE-2019-11255

CVE.ORG link : CVE-2019-11255


JSON object : View

Products Affected

kubernetes

  • external-snapshotter
  • external-provisioner
  • external-resizer

redhat

  • openshift_container_platform
CWE
CWE-20

Improper Input Validation