EUVD-2022-5436

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Flux2 versions up to v0.29.0 are vulnerable to Code Injection via malicious Kubeconfig leading to escalation.

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2022-24817	6 May 202207:22	–	circl
CNNVD	Flux2 代码注入漏洞	6 May 202200:00	–	cnnvd
CVE	CVE-2022-24817	6 May 202200:00	–	cve
Cvelist	CVE-2022-24817 Improper kubeconfig validation allows arbitrary code execution	6 May 202200:00	–	cvelist
Github Security Blog	Improper kubeconfig validation allows arbitrary code execution	16 May 202218:13	–	github
NVD	CVE-2022-24817	6 May 202200:15	–	nvd
OSV	BIT-FLUX-2022-24817 Improper kubeconfig validation allows arbitrary code execution	2 Dec 202517:36	–	osv
OSV	BIT-KUSTOMIZE-2022-24817 Improper kubeconfig validation allows arbitrary code execution	6 Mar 202410:55	–	osv
OSV	CVE-2022-24817 Improper kubeconfig validation allows arbitrary code execution	6 May 202200:00	–	osv
OSV	GHSA-VVMQ-FWMG-2GJC Improper kubeconfig validation allows arbitrary code execution	16 May 202218:13	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "f84c2d44-6910-35af-8961-20ef679cdb05",
        "vendor": {
          "name": "fluxcd"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "938eddc7-4cd3-3dd0-b69d-60a3798a67a4",
        "product": {
          "name": "flux2"
        },
        "product_version": "flux2 < v0.29.0  v0.1.0"
      },
      {
        "id": "a2d3b197-392d-3c17-a36c-02993e4cd56a",
        "product": {
          "name": "flux2"
        },
        "product_version": "kustomize-controller < v0.19.0  v0.2.0"
      },
      {
        "id": "f6d95bd3-1921-3e54-9068-767fae5726ac",
        "product": {
          "name": "flux2"
        },
        "product_version": "helm-controller < v0.23.0  v0.1.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/fluxcd/flux2/security/advisories/GHSA-vvmq-fwmg-2gjc
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-24817
github	www.github.com/fluxcd/flux2

03 Oct 2025 20:07Current

9High risk

Vulners AI Score9

CVSS 3.19.9

CVSS 26.5

EPSS0.00378

SSVC