64 matches found
CVE-2022-38790
Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting XSS bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluste...
CVE-2022-23509
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
CVE-2022-31098
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of...
EUVD-2023-0403
Malicious code in bioql PyPI...
EUVD-2023-1979
Malicious code in bioql PyPI...
EUVD-2022-6189
Malicious code in bioql PyPI...
EUVD-2023-0577
Malicious code in bioql PyPI...
EUVD-2022-41353
Malicious code in bioql PyPI...
CVE-2023-34236
Weave GitOps Terraform Controller aka Weave TF-controller is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This...
CVE-2022-23508
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...
GO-2022-0502 Weave GitOps leaked cluster credentials into logs on connection errors in github.com/weaveworks/weave-gitops
Weave GitOps leaked cluster credentials into logs on connection errors in github.com/weaveworks/weave-gitops...
GO-2023-1925 Weave GitOps Terraform Controller Information Disclosure Vulnerability in github.com/weaveworks/tf-controller
Weave GitOps Terraform Controller Information Disclosure Vulnerability in github.com/weaveworks/tf-controller...
GO-2023-1377 GitOps Run allows for Kubernetes workload injection in github.com/weaveworks/weave-gitops
GitOps Run allows for Kubernetes workload injection in github.com/weaveworks/weave-gitops...
emlog pro /content/templates/arbitrary file upload vulnerability
emlog is a lightweight blog and CMS builder based on PHP and MySQL. An arbitrary file upload vulnerability exists in emlog pro /content/templates/, which can be exploited by a remote attacker to submit a special request that can be used to upload a malicious file to execute arbitrary code in the...
CVE-2023-34236
Weave GitOps Terraform Controller aka Weave TF-controller is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This...
Weave GitOps Terraform Controller Information Disclosure Vulnerability
Impact A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This vulnerability stems from Weave GitOps Terraform Runners tf-runner, where sensitive data is inadvertently printed - potentially...
GHSA-6HVV-J432-23CV Weave GitOps Terraform Controller Information Disclosure Vulnerability
Impact A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This vulnerability stems from Weave GitOps Terraform Runners tf-runner, where sensitive data is inadvertently printed - potentially...
CVE-2023-34236 Information Disclosure Vulnerability in Weave GitOps Terraform Controller
Weave GitOps Terraform Controller aka Weave TF-controller is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This...
CVE-2023-34236 Information Disclosure Vulnerability in Weave GitOps Terraform Controller
Weave GitOps Terraform Controller aka Weave TF-controller is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This...
CVE-2023-34236
The CVE-2023-34236 disclosure affects Weave GitOps Terraform Controller (tf-controller) via the tf-runner component. The vulnerability arises when tfexec.ShowPlan, tfexec.ShowPlanRaw, or tfexec.Output print sensitive data to standard output/error because Stdout/Stderr are bound to os.Stdout/os.St...