CVE-2020-3996

Summary

Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users.

Affected Software

VendorProductVersion RangeStatus
n/aVeleroVelero versions 0.* and 1.* prior to 1.4.3 and 1.5.2affected

Weaknesses

  • Information leakage due to incorrect volume assignment

ADP Enrichment

CVE Program Container

Additional References

References