9 matches found
CVE-2026-6437
CVE-2026-6437 concerns the AWS EFS CSI Driver (aws-efs-csi-driver) prior to v3.0.1. The flaw is improper neutralization of argument delimiters in the volume handling component, which allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via...
EUVD-2022-3689
Malicious code in bioql PyPI...
GO-2025-3512 kubevirt-csi: PersistentVolume allows access to HCP's root node in github.com/kubevirt/csi-driver
kubevirt-csi: PersistentVolume allows access to HCP's root node in github.com/kubevirt/csi-driver. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
Trust Boundary Violation
Overview Affected versions of this package are vulnerable to Trust Boundary Violation via the creation of a custom PersistentVolume that matches the name of a worker node. An attacker can gain unauthorized access to the root HCP worker node's volume by exploiting this flaw. Note: The name of the...
Trust Boundary Violation
Overview Affected versions of this package are vulnerable to Trust Boundary Violation via the creation of a custom PersistentVolume that matches the name of a worker node. An attacker can gain unauthorized access to the root HCP worker node's volume by exploiting this flaw. Note: The name of the...
Trust Boundary Violation
Overview Affected versions of this package are vulnerable to Trust Boundary Violation via the creation of a custom PersistentVolume that matches the name of a worker node. An attacker can gain unauthorized access to the root HCP worker node's volume by exploiting this flaw. Note: The name of the...
GHSA-F4W6-3RH6-6Q4Q Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner v0.4.3, v1.0.2, v1.1, v1.2.2, v1.3.1, external-snapshotter v0.4.2, v1.0.2, v1.1, 1.2.2, and external-resizer v0.1, v0.2 could result in unauthorized PersistentVolume data access or volume mutation during...
Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner v0.4.3, v1.0.2, v1.1, v1.2.2, v1.3.1, external-snapshotter v0.4.2, v1.0.2, v1.1, 1.2.2, and external-resizer v0.1, v0.2 could result in unauthorized PersistentVolume data access or volume mutation during...
CVE-2019-11255
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner v0.4.3, v1.0.2, v1.1, v1.2.2, v1.3.1, external-snapshotter v0.4.2, v1.0.2, v1.1, 1.2.2, and external-resizer v0.1, v0.2 could result in unauthorized PersistentVolume data access or volume mutation during...