5 matches found
CVE-2022-23508
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...
GHSA-89QM-WCMW-3MGG Gitops Run insecure communication
Impact GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local s3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information...
Gitops Run insecure communication
Impact GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local s3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information...
CVE-2022-23508 GitOps Run allows for Kubernetes workload injection
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...
CVE-2022-23508
CVE-2022-23508 affects Weave GitOps (GitOps Run) where a local user/process can access a local S3 bucket used to synchronize files with a Kubernetes cluster. The endpoint lacked security controls, allowing on‑machine actors to view/alter bucket content and inject a workload into the bucket, resul...