Information Exposure Affecting github.com/vmware-tanzu/velero/pkg/restore package, versions <1.4.3 >=1.5.0-beta.1 <1.5.2
Snyk CVSS
Attack Complexity
High
Confidentiality
High
Threat Intelligence
EPSS
0.04% (12th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMVMWARETANZUVELEROPKGRESTORE-1021233
- published 27 Oct 2020
- disclosed 23 Oct 2020
- credit Arianit Uka
Introduced: 23 Oct 2020
CVE-2020-3996 Open this link in a new tabHow to fix?
Upgrade github.com/vmware-tanzu/velero/pkg/restore
to version 1.4.3, 1.5.2 or higher.
Overview
github.com/vmware-tanzu/velero/pkg/restore is a package to backup and migrate Kubernetes applications and their persistent volumes.
Affected versions of this package are vulnerable to Information Exposure. In some instances, it doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users.