admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 01:31:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2019/CVE-2019-11255.md

20 lines
1.2 KiB
Markdown
Raw Normal View History

Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### [CVE-2019-11255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11255)
![](https://img.shields.io/static/v1?label=Product&message=kubernetes-csi%20external-provisioner&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=kubernetes-csi%20external-resizer&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=kubernetes-csi%20external-snapshotter&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=v1.14%3C%20prior%20to%200.4.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
### Description
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.
### POC
#### Reference
- https://groups.google.com/forum/#!topic/kubernetes-security-announce/aXiYN0q4uIw
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink