
42 matches found

NVD
added 2022/05/06 2:15 a.m. · 8 views

CVE-2022-24878

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...

7.7 CVSS · 0.0031 EPSS
Exploits 0 · References 1
CVE
added 2022/05/06 1:35 a.m. · 81 views

CVE-2022-24878

CVE-2022-24878 describes a path-traversal vulnerability in Flux’s kustomize-controller. A malicious kustomization.yaml can cause the kustomize-controller to enter a denial-of-service condition at the controller level. The issue arises from improper handling of paths in Kustomization processing. T...

7.7 CVSS · 6.3 AI score · 0.0031 EPSS
Exploits 0 · References 1 · Affected Software 2
Vulnrichment
added 2022/05/06 1:35 a.m. · 3 views

CVE-2022-24878 Improper path handling in Kustomization files allows for denial of service

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...

7.7 CVSS · 7.3 AI score · 0.0031 EPSS
Exploits 0 · References 1
OSV
added 2022/05/06 1:35 a.m. · 25 views

CVE-2022-24878 Improper path handling in Kustomization files allows for denial of service

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...

7.7 CVSS · 6.4 AI score · 0.0031 EPSS
Exploits 0 · References 3
Cvelist
added 2022/05/06 1:35 a.m. · 11 views

CVE-2022-24878 Improper path handling in Kustomization files allows for denial of service

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...

7.7 CVSS · 7.5 AI score · 0.0031 EPSS
Exploits 0 · References 1
NVD
added 2022/05/06 1:15 a.m. · 9 views

CVE-2022-24877

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

9.9 CVSS · 0.00617 EPSS
Exploits 0 · References 1
CVE
added 2022/05/06 1:10 a.m. · 91 views

CVE-2022-24877

CVE-2022-24877 affects Flux/Open source Flux CD components: path traversal in the kustomize-controller triggered by a crafted kustomization.yaml, enabling exposure of sensitive data from the controller pod filesystem and potentially privilege escalation in multi-tenant deployments. The issue is m...

9.9 CVSS · 8.6 AI score · 0.00617 EPSS
Exploits 0 · References 1 · Affected Software 2
OSV
added 2022/05/06 1:10 a.m. · 13 views

CVE-2022-24877 Improper path handling in kustomization files allows path traversal

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

9.9 CVSS · 8.9 AI score · 0.00617 EPSS
Exploits 0 · References 3
CNNVD
added 2022/05/06 12:00 a.m. · 1 view

Flux2 Path Traversal Vulnerability

kustomize-controller is a Kubernetes operator that specializes in running continuous delivery pipelines for infrastructures and workloads defined with a Kubernetes manifest and assembled using Kustomize. flux2 is a tool from the Cloud Native Computing Foundation that keeps Kubernetes clusters in...

7.7 CVSS · 6.8 AI score · 0.0031 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/05/06 12:00 a.m. · 2 views

PT-2022-16897 · Unknown +1 · Kustomize-Controller +2

Name of the Vulnerable Software and Affected Versions: Flux2 versions 0.1.0 through 0.29.0 helm-controller versions 0.1.0 through 0.19.0 kustomize-controller versions 0.1.0 through 0.23.0 Description: The issue concerns code injection via malicious Kubeconfig files, potentially leading to privile...

9.9 CVSS · 9.8 AI score · 0.00378 EPSS
Exploits 0 · References 7
CNNVD
added 2022/05/06 12:00 a.m. · 1 view

Flux2 Path Traversal Vulnerability

kustomize-controller is a Kubernetes operator that specializes in running continuous delivery pipelines for infrastructures and workloads defined with a Kubernetes manifest and assembled using Kustomize. flux2 is a tool from the Cloud Native Computing Foundation that keeps Kubernetes clusters in...

9.9 CVSS · 8.2 AI score · 0.00617 EPSS
Exploits 0 · References 2
CNNVD
added 2022/05/06 12:00 a.m. · 2 views

Flux2 Code Injection Vulnerability

Flux2 is a tool from the Cloud Native Computing Foundation to keep Kubernetes clusters synchronized with their configuration sources. A security vulnerability exists in Flux2 prior to v0.29.0, Flux2 helm-controller prior to v0.19.0, and Flux2 kustomize-controller prior to v0.23.0, which stems fro...

9.9 CVSS · 8.4 AI score · 0.00378 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/05/06 12:00 a.m. · 2 views

PT-2022-16950 · Unknown +1 · Kustomize-Controller +1

Name of the Vulnerable Software and Affected Versions: kustomize-controller versions prior to 0.24.0 flux2 versions prior to 0.29.0 Description: Flux is an open and extensible continuous delivery solution for Kubernetes. A Path Traversal issue in the kustomize-controller via a malicious...

7.7 CVSS · 7.1 AI score · 0.0031 EPSS
Exploits 0 · References 8
Veracode
added 2022/05/05 6:18 a.m. · 26 views

Path Traversal

flux2 and kustomize-controller are vulnerable to path traversal. Kustomization file paths are not sanitized, allowing an attacker to use built-in features to send a malicious kustomization.yaml to expose sensitive data...

9.9 CVSS · 4.1 AI score · 0.00617 EPSS
Exploits 0 · References 2 · Affected Software 2
OSV
added 2022/05/04 6:04 p.m. · 19 views

GHSA-J77R-2FXF-5JRW Improper path handling in kustomization files allows path traversal

The kustomize-controller enables the use of Kustomize’s functionality when applying Kubernetes declarative state onto a cluster. A malicious user can use built-in features and a specially crafted kustomization.yaml to expose sensitive data from the controller’s pod filesystem. In multi-tenancy...

9.9 CVSS · 9.2 AI score · 0.00617 EPSS
Exploits 0 · References 5
GitHub Security Blog
added 2022/05/04 6:04 p.m. · 27 views

Improper path handling in kustomization files allows path traversal

The kustomize-controller enables the use of Kustomize’s functionality when applying Kubernetes declarative state onto a cluster. A malicious user can use built-in features and a specially crafted kustomization.yaml to expose sensitive data from the controller’s pod filesystem. In multi-tenancy...

9.9 CVSS · 0.1 AI score · 0.00617 EPSS
Exploits 0 · References 5 · Affected Software 2
Positive Technologies
added 2022/05/04 12:00 a.m. · 2 views

PT-2022-16949 · Unknown +1 · Kustomize-Controller +1

Name of the Vulnerable Software and Affected Versions: kustomize-controller versions prior to 0.24.0 flux2 versions prior to 0.29.0 Description: The issue concerns a Path Traversal vulnerability in the kustomize-controller via a malicious kustomization.yaml file, allowing an attacker to expose...

9.9 CVSS · 7.4 AI score · 0.00617 EPSS
Exploits 0 · References 10
Prion
added 2021/11/12 6:15 p.m. · 18 views

Design/Logic Flaw

kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could...

9 CVSS · 8.9 AI score · 0.01711 EPSS
Exploits 1 · References 1 · Affected Software 1
CVE
added 2021/11/12 5:45 p.m. · 58 views

CVE-2021-41254

CVE-2021-41254 affects the Flux CD kustomize-controller, allowing authenticated users who can create Secrets, Service Accounts, and Flux Kustomization objects to have the controller execute shell commands inside its container via embedded Secrets. This enables running kubectl under the controller...

9 CVSS · 8.9 AI score · 0.01711 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2021/11/12 5:45 p.m. · 10 views

CVE-2021-41254 Privilege escalation to cluster admin on multi-tenant environments

kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could...

8.8 CVSS · 9.2 AI score · 0.01711 EPSS
Exploits 1 · References 1