Attacker Value

Unknown

Kubernetes CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation

Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Kubernetes CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation

Disclosure Date: December 05, 2019 •

CVE-2019-11255 CVSS v3 Base Score: 6.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.5 Medium

Impact Score:

5.2

Exploitability Score:

1.2

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

High

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

None

Vendors

Products

References

Canonical

CVE-2019-11255 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11255)

Advisory

https://github.com/kubernetes/kubernetes/issues/85233

Security release of kubernetes-csi sidecars - CVE-2019-11255 (https://groups.google.com/forum#!topic/kubernetes-security-announce/aXiYN0q4uIw)

https://access.redhat.com/errata/RHSA-2019:4099

https://access.redhat.com/errata/RHSA-2019:4096

https://access.redhat.com/errata/RHSA-2019:4054

https://access.redhat.com/errata/RHSA-2019:4225

https://security.netapp.com/advisory/ntap-20200810-0003

Rapid7

Unknown