
40 matches found

OSV
added 2026/05/21 12:00 a.m. | 1 view

OPENSUSE-SU-2026:10831-1 flux2-cli-2.8.8-1.1 on GA media

These are all security issues fixed in the flux2-cli-2.8.8-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 5.4 | AI score 5.8 | EPSS 0.00018
Exploits 0 | References 2

OPENSUSE Linux
added 2026/05/15 12:00 a.m. | 5 views

flux2-cli-2.8.7-1.1 on GA media (moderate)

flux2-cli-2.8.7-1.1 on GA media Announcement ID: openSUSE-SU-2026:10769-1 Rating: moderate Cross-References: CVE-2026-45022 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

CVSS 7 | AI score 5.8 | EPSS 0.00007
Exploits 0

OSV
added 2026/05/13 12:00 a.m. | 1 view

OPENSUSE-SU-2026:10769-1 flux2-cli-2.8.7-1.1 on GA media

These are all security issues fixed in the flux2-cli-2.8.7-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7 | AI score 5.8 | EPSS 0.00007
Exploits 0 | References 1

OSV
added 2025/12/02 5:37 p.m. | 3 views

BIT-FLUX-2022-39272 Flux2 vulnerable to Denial of Service due to Improper use of metav1.Duration

Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interv...

CVSS 5 | AI score 6.7 | EPSS 0.00328
Exploits 0 | References 3

OSV
added 2025/12/02 5:36 p.m. | 1 view

BIT-FLUX-2022-24877 Improper path handling in kustomization files allows path traversal

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

CVSS 9.9 | AI score 7 | EPSS 0.00617
Exploits 0 | References 2

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2022-5436

Malicious code in bioql PyPI...

CVSS 9.9 | AI score 9 | EPSS 0.00378
Exploits 0 | References 3

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2022-6887

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 7.7 | EPSS 0.00568
Exploits 0 | References 6

RedhatCVE
added 2025/02/05 10:40 p.m. | 8 views

CVE-2022-36049

Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK th...

CVSS 7.7 | AI score 6.5 | EPSS 0.00568
Exploits 0

RedhatCVE
added 2025/02/05 9:41 p.m. | 5 views

CVE-2022-24817

Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...

CVSS 9.9 | AI score 7.3 | EPSS 0.00378
Exploits 0 | References 1

OSV
added 2024/08/21 4:03 p.m. | 10 views

GO-2022-0960 Flux CLI Workload Injection in github.com/fluxcd/flux2

Flux CLI Workload Injection in github.com/fluxcd/flux2...

CVSS 7.8 | AI score 7.7 | EPSS 0.00103
Exploits 0 | References 3

OSV
added 2024/08/21 3:11 p.m. | 8 views

GO-2022-0448 Improper path handling in Kustomization files allows for denial of service in github.com/fluxcd/flux2

Improper path handling in Kustomization files allows for denial of service in github.com/fluxcd/flux2...

CVSS 7.7 | AI score 6.5 | EPSS 0.0031
Exploits 0 | References 2

OSV
added 2024/08/21 3:11 p.m. | 8 views

GO-2022-0447 Improper path handling in kustomization files allows path traversal in github.com/fluxcd/flux2

Improper path handling in kustomization files allows path traversal in github.com/fluxcd/flux2...

CVSS 9.9 | AI score 9 | EPSS 0.00617
Exploits 0 | References 4

OSV
added 2024/03/06 10:55 a.m. | 13 views

BIT-KUSTOMIZE-2022-24817 Improper kubeconfig validation allows arbitrary code execution

Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...

CVSS 9.9 | AI score 9.6 | EPSS 0.00378
Exploits 0 | References 2

OSV
added 2024/03/06 10:53 a.m. | 33 views

BIT-HELM-2022-36049 Flux2 Helm Controller denial of service

Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK th...

CVSS 7.7 | AI score 6.7 | EPSS 0.00568
Exploits 0 | References 5

Tenable Nessus
added 2023/03/28 12:00 a.m. | 44 views

CBL Mariner 2.0 Security Update: helm (CVE-2022-36049)

The version of helm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-36049 advisory. - Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-...

CVSS 7.7 | AI score 7.4 | EPSS 0.00568
Exploits 0 | References 2

CNNVD
added 2022/10/22 12:00 a.m. | 0 views

Flux2 Input Validation Error Vulnerability

Flux2 is a tool from the Cloud Native Computing Foundation that keeps Kubernetes clusters synchronized with their configuration sources. A security vulnerability exists in Flux2 versions prior to 0.35.0, which stems from a denial of service (DoS) that can be caused by a user authorized to change Fl...

CVSS 5 | AI score 5.2 | EPSS 0.00328
Exploits 0 | References 3

Cvelist
added 2022/10/21 12:00 a.m. | 15 views

CVE-2022-39272 Flux2 vulnerable to Denial of Service due to Improper use of metav1.Duration

Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interv...

CVSS 5 | AI score 5.2 | EPSS 0.00328
Exploits 0 | References 2

Microsoft CVE
added 2022/09/13 7:00 a.m. | 5 views

Flux2 Helm Controller denial of service

...

CVSS 7.7 | AI score 7.8 | EPSS 0.00568
Exploits 0

Veracode
added 2022/09/08 8:27 a.m. | 24 views

Denial Of Service (DoS)

github.com/fluxcd/helm-controller and github.com/fluxcd/flux2 are vulnerable to denial of service (DoS) attacks. A remote authenticated attacker is able to cause a system panic by supplying specific data inputs, resulting in denial of service conditions via high memory consumption...

CVSS 7.7 | AI score 7 | EPSS 0.00568
Exploits 0 | References 9 | Affected Software 2

NVD
added 2022/09/07 9:15 p.m. | 17 views

CVE-2022-36049

Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK th...

CVSS 7.7 | EPSS 0.00568
Exploits 0 | References 4