Lucene search
K

5 matches found

OSV
OSV
added 2024/05/15 5:9 p.m.25 views

GHSA-V554-XWGW-HC3W source-controller leaks Azure Storage SAS token into logs

Impact When source-controller is configured to use an Azure SAS token when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access t...

5.1CVSS5.1AI score0.00213EPSS
Exploits0References5
OSV
OSV
added 2022/10/19 6:40 p.m.35 views

GHSA-F4P5-X4VC-MH4V Improper use of metav1.Duration allows for Denial of Service

Flux controllers within the affected versions range are vulnerable to a denial of service attack. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout and structured...

5CVSS4.6AI score0.00606EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2022/10/19 6:40 p.m.32 views

Improper use of metav1.Duration allows for Denial of Service

Flux controllers within the affected versions range are vulnerable to a denial of service attack. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout and structured...

5CVSS5AI score0.00606EPSS
Exploits0References12Affected Software13
OSV
OSV
added 2022/09/16 6:49 p.m.42 views

GHSA-P2G7-XWVR-RRW3 Helm Controller denial of service

Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK allows for specific data inputs to cause high memory consumption, which in some platforms could cause the controller to panic and stop processing reconciliations. Impact In a shared cluster multi-tenanc...

7.7CVSS6.8AI score0.01045EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/09/01 10:15 p.m.28 views

Flux CLI Workload Injection

Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allows other applications to replace the Flux deployment information with arbitrary content which is deployed into the target Kubernetes cluster instead. The vulnerability is due to the...

7.8CVSS7.6AI score0.00306EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder