### [CVE-2019-11255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11255)
![](https://img.shields.io/static/v1?label=Product&message=kubernetes-csi%20external-provisioner&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=kubernetes-csi%20external-resizer&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=kubernetes-csi%20external-snapshotter&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=v1.14%3C%20prior%20to%200.4.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)

### Description

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.

### POC

#### Reference
- https://groups.google.com/forum/#!topic/kubernetes-security-announce/aXiYN0q4uIw

#### Github
No PoCs found on GitHub currently.