Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-36049
HistorySep 07, 2022 - 9:15 p.m.

CVE-2022-36049

2022-09-0721:15:08
CWE-400
CWE-770
[email protected]
web.nvd.nist.gov
flux2
kubernetes operator
helm controller
memory consumption
multi-tenancy
vulnerability
patches

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

48.7%

JSON

Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux’s helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK that affects flux2 v0.0.17 until v0.32.0 and helm-controller v0.0.4 until v0.23.0 allows for specific data inputs to cause high memory consumption. In some platforms, this could cause the controller to panic and stop processing reconciliations. In a shared cluster multi-tenancy environment, a tenant could create a HelmRelease that makes the controller panic, denying all other tenants from their Helm releases being reconciled. Patches are available in flux2 v0.32.0 and helm-controller v0.23.0.

Affected configurations

NVD
Node
helmhelmRange3.0.03.9.4
Node
fluxcdflux2Range0.0.170.32.0
OR
fluxcdhelm-controllerRange0.0.40.23.0

Related

cvelist 1
cbl_mariner 2
nessus 1
github 1
veracode 1
cve 1
prion 1
osv 7
altlinux 1
cvelist
cvelist
CVE-2022-36049 Flux2 Helm Controller denial of service
2022-09-07 20:15:13
cbl_mariner
cbl_mariner
CVE-2022-36049 affecting package helm for versions less than 3.9.4-2
2022-11-16 02:26:16
CVE-2022-36049 affecting package helm 3.4.1-17
2024-07-01 09:08:31
nessus
nessus
CBL Mariner 2.0 Security Update: helm (CVE-2022-36049)
2023-03-28 00:00:00
github
github
Helm Controller denial of service
2022-09-16 18:49:48
veracode
veracode
Denial Of Service (DoS)
2022-09-08 08:27:47
cve
cve
CVE-2022-36049
2022-09-07 21:15:08
prion
prion
Design/Logic Flaw
2022-09-07 21:15:00
osv
osv
BIT-helm-2022-36055
2024-03-06 10:53:21
Helm Vulnerable to denial of service through string value parsing
2022-08-30 20:52:31
BIT-helm-2022-36049
2024-03-06 10:53:31
altlinux
altlinux
Security fix for the ALT Linux 10 package helm version 3.10.2-alt1
2022-12-08 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

48.7%

JSON
Related for NVD:CVE-2022-36049
cvelist1cbl_mariner2nessus1github1veracode1cve1prion1osv7altlinux1