CVE-2019-11255

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-11255
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11255.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-11255
Aliases
Downstream
Related
Published
2019-12-05T16:15:10.567Z
Modified
2026-03-15T22:29:19.492159Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.

References

Affected packages

Git / github.com/kubernetes-csi/external-resizer

Affected ranges

Type
GIT
Repo
https://github.com/kubernetes-csi/external-resizer
Events
Introduced
b22717d1511c688bf2a6792b1ca380781f3ac639
Last affected
882049909bc94434f1199776980912dbb5b3e9b8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4a6c116146204bb9bcce0f3697c5f651817575b7
Introduced
61904896301627bba78a7ef3f37804a83df9e9e4
Last affected
07a4fd906acbb8014c0f5d05578071c0a9559251
Introduced
b22717d1511c688bf2a6792b1ca380781f3ac639
Last affected
882049909bc94434f1199776980912dbb5b3e9b8
Database specific 
{
    "versions": [
        {
            "introduced": "1.0.0"
        },
        {
            "last_affected": "1.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.0"
        },
        {
            "introduced": "0.1.0"
        },
        {
            "last_affected": "0.2.0"
        },
        {
            "introduced": "1.0.0"
        },
        {
            "last_affected": "1.0.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/kubernetes-csi/external-snapshotter
Events
Introduced
5bad0876534419b708ca88cecdfae0c1c39a1e1e
Last affected
ec8786361c2f792b589151124594c5a2a9a60056
Introduced
ac33959738598e55a0a0a9d5a2d08d7445f27f36
Last affected
34fa9aad47eef93ca8281c2a029f031852cfefa5
Introduced
590aeed7566eaa0409ae852000e570aa0a5c2720
Last affected
5bad0876534419b708ca88cecdfae0c1c39a1e1e
Introduced
ac33959738598e55a0a0a9d5a2d08d7445f27f36
Last affected
34fa9aad47eef93ca8281c2a029f031852cfefa5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
78164c3324fb45f1a9158e66e52e48f8f8010dc3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f6026abfd32067c4100b968ee50994ecd3ba7189
Database specific 
{
    "versions": [
        {
            "introduced": "0.4.1"
        },
        {
            "last_affected": "0.4.2"
        },
        {
            "introduced": "1.1.0"
        },
        {
            "last_affected": "1.2.1"
        },
        {
            "introduced": "0.4.0"
        },
        {
            "last_affected": "0.4.1"
        },
        {
            "introduced": "1.1.0"
        },
        {
            "last_affected": "1.2.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2"
        }
    ]
}

Affected versions

client/v2.*
client/v2.2.0-rc3
client/v3.*
client/v3.0.0
client/v4.*
client/v4.0.0
client/v4.1.0
v0.*
v0.1.0
v0.2.0
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.6.0-rc1
v1.*
v1.0.0
v1.0.0-rc1
v1.0.0-rc2
v1.0.1
v1.1.0
v1.2.0
v1.2.1
v1.3.0
v2.*
v2.0.0
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.0.0-rc4
v2.0.2-rc1
v2.1.0
v2.2.0-rc.3
v2.2.0-rc1
v2.2.0-rc2
v2.2.0-rc3
v3.*
v3.0.0
v4.*
v4.0.0
v4.1.0

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.11"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11255.json"