Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:12 a.m.10 views

CVE-2022-23508

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...

8.8CVSS6.3AI score0.00318EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/01/09 7:45 p.m.72 views

Gitops Run insecure communication

Impact GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local s3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information...

7.3CVSS1.4AI score0.00239EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/01/09 7:45 p.m.45 views

GHSA-89QM-WCMW-3MGG Gitops Run insecure communication

Impact GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local s3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information...

7.3CVSS6.6AI score0.00239EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/01/09 12:56 p.m.42 views

CVE-2022-23508 GitOps Run allows for Kubernetes workload injection

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...

8.8CVSS8.7AI score0.00318EPSS
Exploits0References3
CVE
CVE
added 2023/01/09 12:56 p.m.90 views

CVE-2022-23508

CVE-2022-23508 affects Weave GitOps (GitOps Run) where a local user/process can access a local S3 bucket used to synchronize files with a Kubernetes cluster. The endpoint lacked security controls, allowing on‑machine actors to view/alter bucket content and inject a workload into the bucket, resul...

8.8CVSS7.8AI score0.00318EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder