CVE-2019-11255
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.
| Software | From | Fixed in |
|---|---|---|
| kubernetes / external-resizer | 0.1.0 | 0.2.0.x |
| kubernetes / external-snapshotter | 0.4.0 | 0.4.1.x |
| kubernetes / external-snapshotter | 1.0.0 | 1.0.1.x |
| kubernetes / external-snapshotter | 1.1.0 | 1.2.1.x |
| kubernetes / external-provisioner | 1.0.0 | 1.0.1.x |
| kubernetes / external-provisioner | 0.4.1 | 0.4.2.x |
| kubernetes / external-provisioner | 1.1.0 | 1.2.1.x |
| kubernetes / external-provisioner | 1.3.0 | 1.3.0.x |
| redhat / openshift_container_platform | 3.11 | 3.11.x |
| redhat / openshift_container_platform | 4.1 | 4.1.x |
| redhat / openshift_container_platform | 4.2 | 4.2.x |
- https://access.redhat.com/errata/RHSA-2019:4054
- https://access.redhat.com/errata/RHSA-2019:4096
- https://access.redhat.com/errata/RHSA-2019:4099
- https://access.redhat.com/errata/RHSA-2019:4225
- https://github.com/kubernetes/kubernetes/issues/85233
- https://groups.google.com/forum/#!topic/kubernetes-security-announce/aXiYN0q4uIw
- https://groups.google.com/forum/#%21topic/kubernetes-security-announce/aXiYN0q4uIw
- https://security.netapp.com/advisory/ntap-20200810-0003/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime