CVE-2019-11255
PUBLISHED
CVSS 4.8 MEDIUM
Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access
EPSS 0.80% · 74.3rd percentile
Risk Scores
- CVSS v3.1: 4.8 (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N)
- EPSS Score: 0.80% (74.3rd percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| kubernetes | external-snapshotter | 0.4.0, 1.0.0, 1.1.0 |
| Kubernetes | kubernetes-csi external-resizer | 0.1, 0.2 |
| kubernetes | external-resizer | 0.1.0 |
| Kubernetes | kubernetes-csi external-provisioner | 1.14, 1.1, prior to 1.0.2 |
| github.com | kubernetes-csi/external-provisioner | 1.2.0, 1.1, 1.0.0 |
| github.com | kubernetes-csi/external-snapshotter/v6 | 1.0.0, 1.1, 1.2.0 |
| github.com | kubernetes-csi/external-resizer | 0.2, 0.1 |
| Kubernetes | kubernetes-csi external-snapshotter | prior to 0.4.2, *, prior to 1.2.2 |
| redhat | openshift_container_platform | 4.2, 3.11, 4.1 |
| kubernetes | external-provisioner | 1.1.0, 1.3.0, 0.4.1 |
Timeline
- Dec 5, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://github.com/kubernetes/kubernetes/issues/85233 (url)
- Security release of kubernetes-csi sidecars - CVE-2019-11255 (mailing-list)
- RHSA-2019:4099 (vendor-advisory)
- RHSA-2019:4096 (vendor-advisory)
- RHSA-2019:4054 (vendor-advisory)
- RHSA-2019:4225 (vendor-advisory)
- https://security.netapp.com/advisory/ntap-20200810-0003/ (url)
- https://nvd.nist.gov/vuln/detail/CVE-2019-11255 (advisory)
- https://groups.google.com/forum/#!topic/kubernetes-security-announce/aXiYN0q4uIw (url)