Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2019-11255: CSI volume snapshot feature can result in unauthorized volume data access #193

Closed
msau42 opened this issue Nov 13, 2019 · 3 comments
Closed

CVE-2019-11255: CSI volume snapshot feature can result in unauthorized volume data access #193

msau42 opened this issue Nov 13, 2019 · 3 comments
Assignees
@msau42

Comments

@msau42
Copy link
Collaborator

msau42 commented Nov 13, 2019
edited
Loading

Overall tracking issue: kubernetes/kubernetes#85233

Fixed in:

master: #172
1.2.2: #173
1.0.2: #175
0.4.2: #180
@msau42 msau42 mentioned this issue Nov 14, 2019
Closed
@msau42 msau42 changed the title Umbrella tracking issue for Claimref validation CVE-2019-11255: CSI volume snapshot feature can result in unauthorized volume data access Nov 14, 2019
@msau42
Copy link
Collaborator Author

msau42 commented Nov 14, 2019

/close

@k8s-ci-robot
Copy link
Contributor

@msau42: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Madhu-1 added a commit to Madhu-1/rook that referenced this issue Nov 18, 2019
@Madhu-1
CSI: update kubernetes sidecar images
28c0c49 
update csi sidecar images to fix CVE-2019-11255

more info:
kubernetes/kubernetes#85233
kubernetes-csi/external-snapshotter#193
kubernetes-csi/external-provisioner#380

Signed-off-by: Madhu Rajanna <[email protected]>
@Madhu-1 Madhu-1 mentioned this issue Nov 18, 2019
Merged
9 tasks
Madhu-1 added a commit to Madhu-1/rook that referenced this issue Nov 19, 2019
@Madhu-1
CSI: update kubernetes sidecar images
49381b3 
update csi sidecar images to fix CVE-2019-11255

more info:
kubernetes/kubernetes#85233
kubernetes-csi/external-snapshotter#193
kubernetes-csi/external-provisioner#380

Signed-off-by: Madhu Rajanna <[email protected]>
mergify bot pushed a commit to rook/rook that referenced this issue Nov 19, 2019
@Madhu-1
CSI: update kubernetes sidecar images
319b2d2 
update csi sidecar images to fix CVE-2019-11255

more info:
kubernetes/kubernetes#85233
kubernetes-csi/external-snapshotter#193
kubernetes-csi/external-provisioner#380

Signed-off-by: Madhu Rajanna <[email protected]>
(cherry picked from commit 49381b3)
@ntolia ntolia mentioned this issue Nov 23, 2019
Closed
nizamial09-zz pushed a commit to nizamial09-zz/rook that referenced this issue Nov 25, 2019
@Madhu-1 @nizamial09
CSI: update kubernetes sidecar images
8dd60e8 
update csi sidecar images to fix CVE-2019-11255

more info:
kubernetes/kubernetes#85233
kubernetes-csi/external-snapshotter#193
kubernetes-csi/external-provisioner#380

Signed-off-by: Madhu Rajanna <[email protected]>
zoetrope pushed a commit to cybozu-go/rook that referenced this issue Dec 26, 2019
@Madhu-1 @zoetrope
CSI: update kubernetes sidecar images
106618f 
update csi sidecar images to fix CVE-2019-11255

more info:
kubernetes/kubernetes#85233
kubernetes-csi/external-snapshotter#193
kubernetes-csi/external-provisioner#380

Signed-off-by: Madhu Rajanna <[email protected]>
kfyharukz pushed a commit to cybozu-go/rook that referenced this issue Jan 23, 2020
@Madhu-1 @kfyharukz
CSI: update kubernetes sidecar images
3d26dd0 
update csi sidecar images to fix CVE-2019-11255

more info:
kubernetes/kubernetes#85233
kubernetes-csi/external-snapshotter#193
kubernetes-csi/external-provisioner#380

Signed-off-by: Madhu Rajanna <[email protected]>
binoue pushed a commit to binoue/rook that referenced this issue Apr 10, 2020
@Madhu-1 @binoue
CSI: update kubernetes sidecar images
e4d2be2 
update csi sidecar images to fix CVE-2019-11255

more info:
kubernetes/kubernetes#85233
kubernetes-csi/external-snapshotter#193
kubernetes-csi/external-provisioner#380

Signed-off-by: Madhu Rajanna <[email protected]>
@b0b0haha
Copy link

I'am confused why when sourcePVC.Status.Phase=Bound or pvc.Status.Phase = v1.ClaimBound , there still exists condition that pv is not bound to the source pvc or bound to other pvc?
the check is as follows:
https://github.com/jsafrane/external-provisioner/blob/8bdf98af13e5f61e15789dbf953cb8e1ddea6266/pkg/controller/controller.go#L707

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@msau42 msau42

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@k8s-ci-robot @msau42 @b0b0haha