CVE-2019-11255

ADVISORY - github

Summary

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.

EPSS Score⁠: 0.0085 (0.749)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-20⁠

Improper Input Validation

ADVISORY - github

CWE-20⁠

Improper Input Validation

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-20⁠

Improper Input Validation

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-20⁠

Improper Input Validation

Impacted images

Advisories

NIST

CREATED

6 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2019-11255⁠

EXPLOITABILITY SCORE

0.5

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠

CVSS SCORE

4.8medium

GitHub

CREATED

4 years ago

UPDATED

3 years ago

ADVISORY IDGHSA-f4w6-3rh6-6q4q⁠

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠

CVSS SCORE

6.5medium

GitLab

CREATED

4 years ago

UPDATED

3 years ago

ADVISORY ID

CVE-2019-11255

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-20⁠CWE-937⁠

CVSS SCORE

6.5medium

Red Hat

CREATED

6 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2019-11255⁠

EXPLOITABILITY SCORE

0.5

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠

CVSS SCORE

4.8medium

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-2fvq-57pf-9xg6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-2mxm-h64h-g4j5

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-5jfw-w68x-xw62

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-5pmr-pq4h-vm2v

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-5vrj-6mcc-qv6q

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-5xf3-4hxp-qc54

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-6wch-6pp3-q2p7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-9984-mhr6-f8x9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-9fx4-43vv-cqrq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-c3jv-9fp5-w6cj

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-mwjg-2qqj-j36r

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-p7qr-f8cg-xpp6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-q2qw-vhcq-9j87

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-qjv3-3p99-p569

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-xpgv-5933-6hp8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY