Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/kubernetes-csi/external-provisioner (Go) | 0 | 0.4.3 | N/A |
| github.com/kubernetes-csi/external-provisioner (Go) | 1.0.0 | 1.0.2 | N/A |
| github.com/kubernetes-csi/external-provisioner (Go) | N/A | N/A | N/A |
| github.com/kubernetes-csi/external-provisioner (Go) | 1.2.0 | 1.2.2 | N/A |
| github.com/kubernetes-csi/external-provisioner (Go) | 1.3.0 | 1.3.1 | N/A |
| github.com/kubernetes-csi/external-snapshotter/v6 (Go) | 1.0.0 | 1.0.2 | N/A |
| github.com/kubernetes-csi/external-snapshotter/v6 (Go) | N/A | N/A | N/A |
| github.com/kubernetes-csi/external-snapshotter/v6 (Go) | 1.2.0 | 1.2.2 | N/A |
| github.com/kubernetes-csi/external-resizer (Go) | N/A | N/A | N/A |
| github.com/kubernetes-csi/external-resizer (Go) | N/A | N/A | N/A |
CVSS Metrics