3 matches found
CVE-2022-39395
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to...
CVE-2022-39395 Vela Insecure Defaults
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to...
CVE-2022-39395
CVE-2022-39395 : Vela’s default configuration allows container breakout in Vela Server/Worker (pre-0.16.0) and Vela UI (pre-0.17.0). Upgrading to Server 0.16.0, Worker 0.16.0, and UI 0.17.0 is required to fix the issue; after patching, admins must explicitly adjust defaults to their desired confi...