GCVE - cpe:2.3:a:kubernetes:external-provisioner:1.3.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:kubernetes:external-provisioner:1.3.0:*:*:*:*:*:*:*

part: a version: 1.3.0 update: *

Vendor	Kubernetes (`3ee05930-9e42-51b2-ad52-30832f573b15`)
Product	External Provisioner (`8eae43be-9f2f-53da-8393-2937f6b85e5c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/boky/csi-provisioner`	purl2cpe	2026-06-01 10:13:27.905114
`pkg:github/kubernetes-csi/external-provisioner`	purl2cpe	2026-06-01 10:13:27.905115
`pkg:rpm/opensuse/csi-external-provisioner`	purl2cpe	2026-06-01 10:13:27.905117

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-11255`	vulnerable	2026-06-03 14:39:32.585317	Kubernetes CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation MEDIUM (4.8) Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations. Published: 2019-12-05T16:05:18.735Z Updated: 2024-09-16T23:05:20.635Z Open on db.gcve.eu Reference links https://github.com/kubernetes/kubernetes/issues/85233 https://groups.google.com/forum/#%21topic/kubernetes-security-announce/aXiYN0q4uIw https://access.redhat.com/errata/RHSA-2019:4099 https://access.redhat.com/errata/RHSA-2019:4096 https://access.redhat.com/errata/RHSA-2019:4054	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.