GHSA-f4w6-3rh6-6q4q

Suggest an improvement
Source
https://github.com/advisories/GHSA-f4w6-3rh6-6q4q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f4w6-3rh6-6q4q/GHSA-f4w6-3rh6-6q4q.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-f4w6-3rh6-6q4q
Aliases
Related
Published
2022-05-24T17:02:42Z
Modified
2023-11-08T04:01:00.477555Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access
Details

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.

References

Affected packages

Go / github.com/kubernetes-csi/external-provisioner

Package

Name
github.com/kubernetes-csi/external-provisioner
View open source insights on deps.dev
Purl
pkg:golang/github.com/kubernetes-csi/external-provisioner

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.3

Go / github.com/kubernetes-csi/external-provisioner

Package

Name
github.com/kubernetes-csi/external-provisioner
View open source insights on deps.dev
Purl
pkg:golang/github.com/kubernetes-csi/external-provisioner

Affected ranges

Type
SEMVER
Events
Introduced
1.0.0
Fixed
1.0.2

Go / github.com/kubernetes-csi/external-provisioner

Package

Name
github.com/kubernetes-csi/external-provisioner
View open source insights on deps.dev
Purl
pkg:golang/github.com/kubernetes-csi/external-provisioner

Affected ranges

Affected versions

1.*

1.1

Go / github.com/kubernetes-csi/external-provisioner

Package

Name
github.com/kubernetes-csi/external-provisioner
View open source insights on deps.dev
Purl
pkg:golang/github.com/kubernetes-csi/external-provisioner

Affected ranges

Type
SEMVER
Events
Introduced
1.2.0
Fixed
1.2.2

Go / github.com/kubernetes-csi/external-provisioner

Package

Name
github.com/kubernetes-csi/external-provisioner
View open source insights on deps.dev
Purl
pkg:golang/github.com/kubernetes-csi/external-provisioner

Affected ranges

Type
SEMVER
Events
Introduced
1.3.0
Fixed
1.3.1

Go / github.com/kubernetes-csi/external-snapshotter/v6

Package

Name
github.com/kubernetes-csi/external-snapshotter/v6
View open source insights on deps.dev
Purl
pkg:golang/github.com/kubernetes-csi/external-snapshotter/v6

Affected ranges

Type
SEMVER
Events
Introduced
1.0.0
Fixed
1.0.2

Go / github.com/kubernetes-csi/external-snapshotter/v6

Package

Name
github.com/kubernetes-csi/external-snapshotter/v6
View open source insights on deps.dev
Purl
pkg:golang/github.com/kubernetes-csi/external-snapshotter/v6

Affected ranges

Affected versions

1.*

1.1

Go / github.com/kubernetes-csi/external-snapshotter/v6

Package

Name
github.com/kubernetes-csi/external-snapshotter/v6
View open source insights on deps.dev
Purl
pkg:golang/github.com/kubernetes-csi/external-snapshotter/v6

Affected ranges

Type
SEMVER
Events
Introduced
1.2.0
Fixed
1.2.2

Go / github.com/kubernetes-csi/external-resizer

Package

Name
github.com/kubernetes-csi/external-resizer
View open source insights on deps.dev
Purl
pkg:golang/github.com/kubernetes-csi/external-resizer

Affected ranges

Affected versions

0.*

0.1

Go / github.com/kubernetes-csi/external-resizer

Package

Name
github.com/kubernetes-csi/external-resizer
View open source insights on deps.dev
Purl
pkg:golang/github.com/kubernetes-csi/external-resizer

Affected ranges

Affected versions

0.*

0.2