350 matches found
Gitops Run insecure communication
Impact GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local s3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information...
GHSA-89QM-WCMW-3MGG Gitops Run insecure communication
Impact GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local s3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information...
GHSA-WR3C-G326-486C GitOps Run allows for Kubernetes workload injection
Impact A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthoris...
GitOps Run allows for Kubernetes workload injection
Impact A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthoris...
CVE-2022-23509
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
Design/Logic Flaw
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
CVE-2022-23508
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...
Memory corruption
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...
CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
CVE-2022-23509
CVE-2022-23509 concerns insecure, unencrypted communication between Weave GitOps’ GitOps Run and its local S3 bucket. This allows privileged users or processes to tap traffic and obtain information enabling access to the S3 bucket, potentially leading to bucket content modification and unintended...
CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
CVE-2022-23508 GitOps Run allows for Kubernetes workload injection
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...
CVE-2022-23508 GitOps Run allows for Kubernetes workload injection
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...
CVE-2022-23508 GitOps Run allows for Kubernetes workload injection
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...
CVE-2022-23508
CVE-2022-23508 affects Weave GitOps (GitOps Run) where a local user/process can access a local S3 bucket used to synchronize files with a Kubernetes cluster. The endpoint lacked security controls, allowing on‑machine actors to view/alter bucket content and inject a workload into the bucket, resul...
Weave GitOps 信息泄露漏洞
Weaveworks Weave GitOps is a simple open source developer platform from Weaveworks, UK. Weave GitOps suffers from an information disclosure vulnerability that stems from unencrypted communication between GitOps Run and the local S3 bucket...
PT-2023-12723 · Weave · Weave Gitops
Name of the Vulnerable Software and Affected Versions: Weave GitOps versions prior to v0.12.0 Description: A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronizing files that are...
PT-2023-12724 · Weave · Weave Gitops
Name of the Vulnerable Software and Affected Versions: Weave GitOps versions prior to v0.12.0 Description: The communication between GitOps Run and the local S3 bucket is not encrypted, allowing privileged users or processes to tap the local traffic and gain information permitting access to the S...
Weave GitOps 安全漏洞
Weaveworks Weave GitOps is a simple open source developer platform from Weaveworks, UK. Weave GitOps suffers from a security vulnerability that stems from endpoints having no security controls to block unauthorized access...