Tag: Storage
Failures in block, object, or ephemeral storage backends.
| ID | Title | Description | Category | Technology | Tags |
|---|---|---|---|---|---|
| CRE-2025-0020 High Impact: 10/10 Mitigation: 6/10 | Self-hosted PostgreSQL HA: WAL Streaming & HA Controller Crisis (Replication Slot Loss, Disk Full, Etcd Quorum Failure) | Detects high-severity failures in self-hosted PostgreSQL high-availability clusters managed by Patroni, Zalando, or similar HA controllers. This rule targets catastrophic conditions that break replication or cluster consensus: - WAL streaming failures due to missing replication slots (usually after disk full or crash events) - Persistent errors resolving HA controller endpoints (etcd/consul) and loss of HA controller quorum - Disk saturation leading to WAL write errors and replication breakage | PostgreSQL High Availability | postgresql | High AvailabilityPatroniZalandoEtcdReplicationWALStorageQuorumCrashData LossTimeout |
| CRE-2025-0026 Low Impact: 6/10 Mitigation: 1/10 | AWS EBS CSI Driver fails to detach volume when VolumeAttachment has empty nodeName | In clusters using the AWS EBS CSI driver, the controller may fail to detach a volume if the associated VolumeAttachment resource has an empty `spec.nodeName`. This results in a log error and skipped detachment, which may block PVC reuse or node cleanup. | Storage | eks-nodeagent | ebscsiAWSStoragePublic |
| CRE-2025-0029 Low Impact: 6/10 Mitigation: 5/10 | Loki fails to retrieve AWS credentials when specifying S3 endpoint with IRSA | - When deploying Grafana Loki with AWS S3 as the storage backend and specifying a custom S3 endpoint (e.g., for FIPS compliance or GovCloud regions), Loki may fail to retrieve AWS credentials via IAM Roles for Service Accounts (IRSA). This results in errors during startup or when attempting to upload index tables, preventing Loki from functioning correctly. | Storage | loki | LokiS3AWSIrsaStorageAuthenticationHelmPublic |
| CRE-2025-0133 Medium Impact: 7/10 Mitigation: 4/10 | Supabase Self-Hosted: Storage Service Fails Due to S3 Misconfiguration | Detects when Supabase Storage service fails due to incorrect S3 configuration including invalid credentials, non-existent buckets, or wrong S3 endpoint settings. This affects file upload/download operations and prevents the storage API from functioning properly. | Storage | storage | SupabaseStorageS3AWSConfigurationApi KeySelf-HostedInfrastructurePublic |
| CRE-2025-0141 High Impact: 10/10 Mitigation: 7/10 | Supabase Self-Hosted: Disk Full During Database Migration Operations | Detects when Supabase PostgreSQL database operations fail due to insufficient disk space during migrations, data imports, or large transactions. This can corrupt the database, leave migrations in inconsistent state, and cause complete service failure requiring manual intervention. | Storage | supabase | SupabasePostgreSQLDisk FullStorageMigration FailureWALSelf-HostedCritical FailureData Loss RiskPublic |
| CRE-2025-0202 Low Impact: 3/10 Mitigation: 1/10 | The snapshot functionality of the AWS EBS CSI Driver is failing. | The AWS EBS CSI driver, fails to list `VolumeSnapshotClass` and `VolumeSnapshotContent`. | Storage | ebs-csi-snapshotter | ebscsiAWSStoragePublic |