4 matches found

RedhatCVE
added 2025/02/05 9:55 p.m. · 5 views

CVE-2022-24878

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...

CVSS 7.7 · AI score 6.5 · EPSS 0.0031
Exploits: 0 · References: 1
Cvelist
added 2022/05/06 1:35 a.m. · 10 views

CVE-2022-24878 Improper path handling in Kustomization files allows for denial of service

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...

CVSS 7.7 · AI score 7.5 · EPSS 0.0031
Exploits: 0 · References: 1
Positive Technologies
added 2022/05/06 12:0 a.m. · 1 views

PT-2022-16950 · Unknown +1 · Kustomize-Controller +1

Name of the Vulnerable Software and Affected Versions:
kustomize-controller versions prior to 0.24.0
flux2 versions prior to 0.29.0

Description: Flux is an open and extensible continuous delivery solution for Kubernetes. A Path Traversal issue in the kustomize-controller via a malicious...

CVSS 7.7 · AI score 7.1 · EPSS 0.0031
Exploits: 0 · References: 8
Veracode
added 2022/05/05 6:18 a.m. · 24 views

Path Traversal

flux2 and kustomize-controller are vulnerable to path traversal. Kustomization file paths are not sanitized, allowing an attacker to use built-in features to send a malicious kustomization.yaml to expose sensitive data...

CVSS 9.9 · AI score 4.1 · EPSS 0.00617
Exploits: 0 · References: 2 · Affected Software: 2