Lucene search

K

Weave Security Vulnerabilities

cve
cve

CVE-2022-23509

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps.....

7.3CVSS

5.9AI Score

0.0004EPSS

2023-01-09 02:15 PM
39
cve
cve

CVE-2022-23508

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...

8.8CVSS

7.5AI Score

0.0004EPSS

2023-01-09 01:15 PM
36
cve
cve

CVE-2022-31098

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of...

9CVSS

7.3AI Score

0.002EPSS

2022-06-27 10:15 PM
380
5
cve
cve

CVE-2020-26278

Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is...

8CVSS

7.8AI Score

0.0004EPSS

2021-01-20 10:15 PM
35
3
cve
cve

CVE-2020-11091

In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host (via ipv6.disable=1.....

5.8CVSS

6.4AI Score

0.041EPSS

2020-06-03 11:15 PM
50