{"id":"CVE-2019-11255","details":"Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (\u003cv0.4.3, \u003cv1.0.2, v1.1, \u003cv1.2.2, \u003cv1.3.1), external-snapshotter (\u003cv0.4.2, \u003cv1.0.2, v1.1, \u003c1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.","aliases":["GHSA-f4w6-3rh6-6q4q"],"modified":"2026-04-10T04:14:15.945383Z","published":"2019-12-05T16:15:10.567Z","related":["CGA-mwjg-2qqj-j36r"],"references":[{"type":"WEB","url":"https://groups.google.com/forum/#%21topic/kubernetes-security-announce/aXiYN0q4uIw"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:4225"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200810-0003/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:4054"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:4096"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:4099"},{"type":"REPORT","url":"https://github.com/kubernetes/kubernetes/issues/85233"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kubernetes-csi/external-provisioner","events":[{"introduced":"673bd220cbf78ba69180077523f35a072ed948d2"},{"last_affected":"3aa7a5d8067b030c42374210b0766de394062000"},{"introduced":"16f5327a442fd4c0db10edd029cc6eef167db9c7"},{"last_affected":"9a258a0accf64d688f312697db871ceaf42e6478"},{"introduced":"cecb5a962a7503ef9aa52874e4b75e638b63705e"},{"last_affected":"971feacb437fc5a8033e99c68002d7452a467a32"},{"introduced":"0"},{"last_affected":"27750ab12343e6b5d6ed1e277b161aa45bc02cfd"},{"introduced":"0"},{"last_affected":"4d233918d301337fd3ac5021fbadd0107554934e"},{"introduced":"0"},{"last_affected":"673bd220cbf78ba69180077523f35a072ed948d2"},{"introduced":"16f5327a442fd4c0db10edd029cc6eef167db9c7"},{"last_affected":"9a258a0accf64d688f312697db871ceaf42e6478"},{"introduced":"cecb5a962a7503ef9aa52874e4b75e638b63705e"},{"last_affected":"971feacb437fc5a8033e99c68002d7452a467a32"}],"database_specific":{"versions":[{"introduced":"0.4.1"},{"last_affected":"0.4.2"},{"introduced":"1.0.0"},{"last_affected":"1.0.1"},{"introduced":"1.1.0"},{"last_affected":"1.2.1"},{"introduced":"0"},{"last_affected":"1.3.0"},{"introduced":"0.1.0"},{"last_affected":"0.2.0"},{"introduced":"0.4.0"},{"last_affected":"0.4.1"},{"introduced":"1.0.0"},{"last_affected":"1.0.1"},{"introduced":"1.1.0"},{"last_affected":"1.2.1"}]}},{"type":"GIT","repo":"https://github.com/kubernetes-csi/external-snapshotter","events":[{"introduced":"0"},{"last_affected":"78164c3324fb45f1a9158e66e52e48f8f8010dc3"},{"introduced":"0"},{"last_affected":"f6026abfd32067c4100b968ee50994ecd3ba7189"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.1"},{"introduced":"0"},{"last_affected":"4.2"}]}}],"versions":["client/v2.2.0-rc3","client/v3.0.0","client/v4.0.0","client/v4.1.0","client/v4.2.0","v0.2.0","v0.4.1","v0.4.2","v0.5.0-alpha.0","v1.0.0","v1.0.0-rc2","v1.0.1","v1.0.1-rc1","v1.1.0","v1.2.0","v1.2.0-rc1","v1.2.1","v1.3.0","v2.0.0","v2.0.0-rc1","v2.0.0-rc2","v2.0.0-rc3","v2.0.0-rc4","v2.0.2-rc1","v2.1.0","v2.2.0-rc.3","v2.2.0-rc1","v2.2.0-rc2","v2.2.0-rc3","v3.0.0","v4.0.0","v4.1.0","v4.2.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.11"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11255.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}]}