5 matches found
BIT-FLUX-2022-24878 Improper path handling in Kustomization files allows for denial of service
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...
CVE-2022-24877 Improper path handling in kustomization files allows path traversal
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly escalate privileges in multi-tenancy deployments...
Flux2 path traversal vulnerability
kustomize-controller is a Kubernetes operator that specializes in running continuous delivery pipelines for infrastructures and workloads defined with a Kubernetes manifest and assembled using Kustomize. flux2 is a tool from the Cloud Native Computing Foundation that keeps Kubernetes clusters in...
Flux2 path traversal vulnerability
kustomize-controller is a Kubernetes operator that specializes in running continuous delivery pipelines for infrastructures and workloads defined with a Kubernetes manifest and assembled using Kustomize. flux2 is a tool from the Cloud Native Computing Foundation that keeps Kubernetes clusters in...
PT-2022-16949 · Unknown +1 · Kustomize-Controller +1
Name of the Vulnerable Software and Affected Versions: kustomize-controller versions prior to 0.24.0; flux2 versions prior to 0.29.0. Description: The issue concerns a Path Traversal vulnerability in the kustomize-controller via a malicious kustomization.yaml file, allowing an attacker to expose...