CVE-2019-11255 Information

Feb 14, 2021 cve

Description

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (v0.4.3 v1.0.2 v1.1 v1.2.2 v1.3.1) external-snapshotter (v0.4.2 v1.0.2 v1.1 1.2.2) and external-resizer (v0.1 v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot restore from snapshot cloning and resizing operations.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Reference

https://access.redhat.com/errata/RHSA-2019:4054 https://access.redhat.com/errata/RHSA-2019:4096 https://access.redhat.com/errata/RHSA-2019:4099 https://access.redhat.com/errata/RHSA-2019:4225 https://github.com/kubernetes/kubernetes/issues/85233 https://groups.google.com/forum/!topic/kubernetes-security-announce/aXiYN0q4uIw https://security.netapp.com/advisory/ntap-20200810-0003/

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

NONE

Base Severity

6.5

Share on: