Unauthorized Data Access and Volume Manipulation in Kubernetes CSI Sidecar Containers

CVE-2019-11255 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <v1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.