Lucene search
GoogleOSV:CVE-2020-8569HistoryJan 21, 2021 - 5:15 p.m.
CVE-2020-8569
2021-01-2117:15:14
Google
osv.dev
4
kubernetes
csi
snapshot-controller
vulnerability
volumesnapshot
persistentvolumeclaim
crashloop
software
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users canβt take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected.
Related
redhatcve
redhatcve
CVE-2020-8569
2020-11-12 18:52:46
hackerone
hackerone
cvelist
cvelist
CVE-2020-8569 Kubernetes CSI snapshot-controller DoS
2021-01-21 17:09:21
github
github
NULL Pointer Dereference in Kubernetes CSI snapshot-controller
2022-02-15 01:57:18
ibm
ibm
osv
osv
NULL Pointer Dereference in Kubernetes CSI snapshot-controller
2022-02-15 01:57:18
cve
cve
CVE-2020-8569
2021-01-21 17:15:14
veracode
veracode
Denial Of Service (DoS)
2020-12-04 02:20:16
prion
prion
Design/Logic Flaw
2021-01-21 17:15:00
nvd
nvd
CVE-2020-8569
2021-01-21 17:15:14