CVE-2020-8569

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-8569

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8569.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-8569

Aliases

GHSA-hwrr-rhmm-vcvf

Published

2021-01-21T17:15:14Z

Modified

2025-07-01T11:45:38.718893Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users can’t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected.

References

Affected packages

Git / github.com/kubernetes-csi/external-snapshotter

Affected ranges

Type: GIT
Repo: https://github.com/kubernetes-csi/external-snapshotter
Events: Introduced

ed6cd4a7ec1ab012c1b4aa87f66c2f9f2f0d15f6

Fixed

7819ee35f860bc370043d875ad6ca09d9fae25dc

Affected versions

v2.*

v2.1.0

v2.1.1

v2.1.2