CVE-2023-25165 vulnerabilities
Vulnerabilities for packages: helm...
CVE-2022-23526 vulnerabilities
Vulnerabilities for packages: flux-helm-controller-0.37...
CVE-2022-23525 vulnerabilities
Vulnerabilities for packages: flux-helm-controller-0.37...
CVE-2022-23524 vulnerabilities
Vulnerabilities for packages: flux-helm-controller-0.37...
GHSA-67FX-WX78-JX33 vulnerabilities
Vulnerabilities for packages: flux-helm-controller-0.37...
GHSA-6RX9-889Q-VV2R vulnerabilities
Vulnerabilities for packages: flux-helm-controller-0.37...
GHSA-2QJP-425J-52J9 vulnerabilities
Vulnerabilities for packages: ctop...
CVE-2022-23471 vulnerabilities
Vulnerabilities for packages: ctop...
Helm Controller denial of service
Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK allows for specific data inputs to cause high memory consumption, which in some platforms could cause the controller to panic and stop processing reconciliations. Impact In a shared cluster multi-tenanc...
Flux2 Helm Controller denial of service
...
Denial Of Service (DoS)
github.com/fluxcd/helm-controller and github.com/fluxcd/flux2 are vulnerable to denial-of-service (DoS) attacks. A remote authenticated attacker is able to cause a system panic by supplying specific data inputs, resulting in denial of service conditions via high memory consumption...
CVE-2022-36049
Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK th...
CVE-2022-36049 Flux2 Helm Controller denial of service
Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK th...
CVE-2022-36049
Summary: CVE-2022-36049 affects Flux2 and its helm-controller. A defect in the Helm SDK allows crafted data inputs to trigger abnormally high memory usage, potentially causing the controller to panic and halt reconciliations in multi-tenant clusters. Affected versions: Flux2 v0.0.17 through v0.32...
Flux2 resource management error vulnerability
Flux2 is a tool from the Cloud Native Computing Foundation that keeps Kubernetes clusters synchronized with their configuration sources. A resource management error vulnerability exists in Flux2 versions prior to v0.0.17 through v0.32.0 and helm-controller versions prior to v0.0.4 through v0.23.0...
PT-2022-4743 · Flux2 +2 · Flux2 +2
Name of the Vulnerable Software and Affected Versions: flux2 versions 0.0.17 through 0.32.0; helm-controller versions 0.0.4 through 0.23.0. Description: A vulnerability found in the Helm SDK affects flux2 and helm-controller, allowing specific data inputs to cause high memory consumption. In some...
GHSA-VVMQ-FWMG-2GJC Improper kubeconfig validation allows arbitrary code execution
Flux2 can reconcile the state of a remote cluster when provided with a kubeconfig with the correct access rights. Kubeconfig files can define commands to be executed to generate on-demand authentication tokens. A malicious user with write access to a Flux source or direct access to the target...
PT-2022-16897 · Unknown +1 · Kustomize-Controller +2
Name of the Vulnerable Software and Affected Versions: Flux2 versions 0.1.0 through 0.29.0; helm-controller versions 0.1.0 through 0.19.0; kustomize-controller versions 0.1.0 through 0.23.0. Description: The issue concerns code injection via malicious Kubeconfig files, potentially leading to privile...