cve/2019/CVE-2019-11255.md

### [CVE-2019-11255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11255)
![](https://img.shields.io/static/v1?label=Product&message=kubernetes-csi%20external-provisioner&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=kubernetes-csi%20external-resizer&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=kubernetes-csi%20external-snapshotter&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=v1.14%3C%20prior%20to%200.4.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)

### Description

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.

### POC

#### Reference
- https://groups.google.com/forum/#!topic/kubernetes-security-announce/aXiYN0q4uIw
- https://groups.google.com/forum/#!topic/kubernetes-security-announce/aXiYN0q4uIw

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-11255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11255)`
			`![](https://img.shields.io/static/v1?label=Product&message=kubernetes-csi%20external-provisioner&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=kubernetes-csi%20external-resizer&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=kubernetes-csi%20external-snapshotter&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=v1.14%3C%20prior%20to%200.4.3%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)`

			`### Description`

			`Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.`

			`### POC`

			`#### Reference`
			`- https://groups.google.com/forum/#!topic/kubernetes-security-announce/aXiYN0q4uIw`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- https://groups.google.com/forum/#!topic/kubernetes-security-announce/aXiYN0q4uIw`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`#### Github`
			`No PoCs found on GitHub currently.`