Volume Identifier Information Leakage in Velero (prior to 1.4.3 and 1.5.2)

Volume Identifier Information Leakage in Velero (prior to 1.4.3 and 1.5.2)

CVE-2020-3996 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users.

Learn more about our User Device Pen Test.