3 matches found
CVE-2022-24817
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...
CVE-2022-24817
The CVE-2022-24817 entry applies to Flux2 components: Flux2 itself (versions 0.1.0–0.29.0), helm-controller (0.1.0–v0.19.0), and kustomize-controller (0.1.0–v0.23.0). The root cause is Code Injection via malicious kubeconfig, enabling arbitrary code execution; in multi-tenant deployments it can a...
CVE-2022-24817 Improper kubeconfig validation allows arbitrary code execution
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...