
7 matches found

OSV
added 2025/12/02 5:36 p.m. · 2 views

BIT-FLUX-2022-36049 Flux2 Helm Controller denial of service

Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK th...

CVSS 7.7 · AI score 6.6 · EPSS 0.00568
Exploits: 0 · References: 5
OSV
added 2025/12/02 5:36 p.m. · 3 views

BIT-FLUX-2022-24817 Improper kubeconfig validation allows arbitrary code execution

Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...

CVSS 9.9 · AI score 7.3 · EPSS 0.00378
Exploits: 0 · References: 2
CNNVD
added 2022/09/07 12:0 a.m. · 1 view

Flux2 Resource Management Error Vulnerability

Flux2 is a tool from the Cloud Native Computing Foundation that keeps Kubernetes clusters synchronized with their configuration sources. A resource management error vulnerability exists in Flux2 versions prior to v0.0.17 through v0.32.0 and helm-controller versions prior to v0.0.4 through v0.23.0...

CVSS 7.7 · AI score 7.4 · EPSS 0.00568
Exploits: 0 · References: 5
Positive Technologies
added 2022/08/30 12:0 a.m. · 2 views

PT-2022-4743 · Flux2 +2 · Flux2 +2

Name of the Vulnerable Software and Affected Versions: flux2 versions 0.0.17 through 0.32.0 helm-controller versions 0.0.4 through 0.23.0 Description: A vulnerability found in the Helm SDK affects flux2 and helm-controller, allowing specific data inputs to cause high memory consumption. In some...

CVSS 8.6 · AI score 6.7 · EPSS 0.00568
Exploits: 0 · References: 26
CNNVD
added 2022/05/06 12:0 a.m. · 1 view

Flux2 Path Traversal Vulnerability

kustomize-controller is a Kubernetes operator that specializes in running continuous delivery pipelines for infrastructures and workloads defined with a Kubernetes manifest and assembled using Kustomize. flux2 is a tool from the Cloud Native Computing Foundation that keeps Kubernetes clusters in...

CVSS 7.7 · AI score 6.8 · EPSS 0.0031
Exploits: 0 · References: 2
Positive Technologies
added 2022/05/06 12:0 a.m. · 2 views

PT-2022-16897 · Unknown +1 · Kustomize-Controller +2

Name of the Vulnerable Software and Affected Versions: Flux2 versions 0.1.0 through 0.29.0 helm-controller versions 0.1.0 through 0.19.0 kustomize-controller versions 0.1.0 through 0.23.0 Description: The issue concerns code injection via malicious Kubeconfig files, potentially leading to privile...

CVSS 9.9 · AI score 9.8 · EPSS 0.00378
Exploits: 0 · References: 7
CNNVD
added 2022/05/06 12:0 a.m. · 1 view

Flux2 Path Traversal Vulnerability

kustomize-controller is a Kubernetes operator that specializes in running continuous delivery pipelines for infrastructures and workloads defined with a Kubernetes manifest and assembled using Kustomize. flux2 is a tool from the Cloud Native Computing Foundation that keeps Kubernetes clusters in...

CVSS 9.9 · AI score 8.2 · EPSS 0.00617
Exploits: 0 · References: 2