CVE-2022-39395

🗓️ 10 Nov 2022 00:00:00Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 116 Views

Vela is a Pipeline Automation (CI/CD) framework with default configurations allowing exploitation and container breakouts. Upgrade to fix CVE-2022-39395

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2022-39395	10 Nov 202202:18	–	circl
CNNVD	Vela 安全漏洞	10 Nov 202200:00	–	cnnvd
Cvelist	CVE-2022-39395 Vela Insecure Defaults	10 Nov 202200:00	–	cvelist
EUVD	EUVD-2022-7245	3 Oct 202520:07	–	euvd
Github Security Blog	Vela Insecure Defaults	9 Nov 202219:17	–	github
NVD	CVE-2022-39395	10 Nov 202218:15	–	nvd
OSV	CVE-2022-39395 Vela Insecure Defaults	10 Nov 202200:00	–	osv
OSV	GHSA-5M7G-PJ8W-7593 Vela Insecure Defaults	9 Nov 202219:17	–	osv
OSV	GO-2022-1100 Vela Insecure Defaults in github.com/go-vela/server	21 Aug 202416:03	–	osv
Prion	Default configuration	10 Nov 202218:15	–	prion

NVD

Vulners

Node

go-vela serverRange<0.16.0

go-vela uiRange<0.17.0

go-vela workerRange<0.16.0

[
  {
    "vendor": "go-vela",
    "product": "server",
    "versions": [
      {
        "version": "< 0.16.0",
        "status": "affected"
      },
      {
        "version": "< 0.17.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/go-vela/server/releases/tag/v0.16.0
go-vela	www.go-vela.github.io/docs/installation/server/reference/
github	www.github.com/go-vela/ui/releases/tag/v0.17.0
go-vela	www.go-vela.github.io/docs/installation/worker/reference/
github	www.github.com/go-vela/server/security/advisories/GHSA-5m7g-pj8w-7593
github	www.github.com/go-vela/server/commit/05558ee99d70f7d6f83bed7c8f78ac0b35fa26f4
github	www.github.com/go-vela/ui/security/advisories/GHSA-xf39-98m2-889v
github	www.github.com/go-vela/worker/security/advisories/GHSA-2w78-ffv6-p46w
github	www.github.com/go-vela/worker/releases/tag/v0.16.0
docs	www.docs.docker.com/engine/security/