Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-f4w6-3rh6-6q4q

GitHub Security Advisory

Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.

Affected Packages

Go github.com/kubernetes-csi/external-provisioner
Affected versions: 0 (fixed in 0.4.3)
Go github.com/kubernetes-csi/external-provisioner
Affected versions: 1.0.0 (fixed in 1.0.2)
Go github.com/kubernetes-csi/external-provisioner
Go github.com/kubernetes-csi/external-provisioner
Affected versions: 1.2.0 (fixed in 1.2.2)
Go github.com/kubernetes-csi/external-provisioner
Affected versions: 1.3.0 (fixed in 1.3.1)
Go github.com/kubernetes-csi/external-snapshotter/v6
Affected versions: 1.0.0 (fixed in 1.0.2)
Go github.com/kubernetes-csi/external-snapshotter/v6
Go github.com/kubernetes-csi/external-snapshotter/v6
Affected versions: 1.2.0 (fixed in 1.2.2)
Go github.com/kubernetes-csi/external-resizer
Go github.com/kubernetes-csi/external-resizer

Related CVEs

CVE-2019-11255

Key Information

GHSA ID
GHSA-f4w6-3rh6-6q4q
Published
May 24, 2022 5:02 PM
Last Modified
July 18, 2023 10:01 PM
CVSS Score
5.0 /10
Primary Ecosystem
Go
Primary Package
github.com/kubernetes-csi/external-provisioner
GitHub Reviewed
✓ Yes

Dataset

Last updated: November 25, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.