Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:44 a.m.5 views

CVE-2022-23509

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...

7.3CVSS6.6AI score0.00239EPSS
Exploits0References1
Veracode
Veracode
added 2025/03/13 7:32 p.m.8 views

XML External Entity (XXE) Injection

io.github.robothy:local-s3-rest is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper XML parsing due to the service resolving external entities in the CreateBucketConfiguration XML document, allowing attackers to perform server-side request forgery SSRF and lea...

6.9CVSS6.7AI score0.00497EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2025/03/10 6:42 p.m.7 views

io.github.robothy:local-s3-jupiter (>=1.2 <=1.20), org.sdase.commons:sda-commons-server-s3-testing (>=6.0.0 <=7.3.7) potentially affected by CVE-2025-27136 via io.github.robothy:local-s3-rest (>=1.10 <=1.20)

io.github.robothy:local-s3-rest MAVEN version =1.10, =1.2, =6.0.0, =7.3.7 Source cves: CVE-2025-27136 Source advisory: SNYK:JAVA-IOGITHUBROBOTHY-9396840...

6.9CVSS5.8AI score0.00497EPSS
Exploits1
Snyk
Snyk
added 2025/03/10 6:29 p.m.3 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection when parsing DTD files. External entities referenced in a malicious DTD document are resolved and retrieved. This allows attackers to expose information from internal URLs that are not meant to be...

7.2CVSS7.4AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/03/10 6:29 p.m.7 views

io.github.robothy:local-s3-jupiter (>=1.2 <=1.20), org.sdase.commons:sda-commons-server-s3-testing (>=6.0.0 <=7.3.7) potentially affected by unknown CVE via io.github.robothy:local-s3-rest (>=1.10 <=1.20)

io.github.robothy:local-s3-rest MAVEN version =1.10, =1.2, =6.0.0, =7.3.7 Source cves: unknown CVE Source advisory: SNYK:JAVA-IOGITHUBROBOTHY-9399376...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/03/10 6:29 p.m.5 views

io.github.robothy:local-s3-jupiter (>=1.2 <=1.20), org.sdase.commons:sda-commons-server-s3-testing (>=7.3.1 <=7.3.7) potentially affected by unknown CVE via io.github.robothy:local-s3-rest (>=1.2 <=1.20)

io.github.robothy:local-s3-rest MAVEN version =1.2, =1.2, =7.3.1, =7.3.7 Source cves: unknown CVE Source advisory: OSV:GHSA-47QW-CCJM-9C2C...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/03/10 6:29 p.m.8 views

io.github.robothy:local-s3-jupiter (>=1.2 <=1.20), org.sdase.commons:sda-commons-server-s3-testing (>=6.0.0 <=7.3.7) potentially affected by unknown CVE via io.github.robothy:local-s3-rest (>=1.10 <=1.20)

io.github.robothy:local-s3-rest MAVEN version =1.10, =1.2, =6.0.0, =7.3.7 Source cves: unknown CVE Source advisory: SNYK:JAVA-IOGITHUBROBOTHY-9399367...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/03/10 6:29 p.m.7 views

io.github.robothy:local-s3-jupiter (>=1.2 <=1.20), org.sdase.commons:sda-commons-server-s3-testing (>=7.3.1 <=7.3.7) potentially affected by unknown CVE via io.github.robothy:local-s3-rest (>=1.2 <=1.20)

io.github.robothy:local-s3-rest MAVEN version =1.2, =1.2, =7.3.1, =7.3.7 Source cves: unknown CVE Source advisory: OSV:GHSA-V232-254C-M6P7...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/03/10 6:29 p.m.6 views

io.github.robothy:local-s3-jupiter (>=1.2 <=1.20), org.sdase.commons:sda-commons-server-s3-testing (>=6.0.0 <=7.3.7) potentially affected by unknown CVE via io.github.robothy:local-s3-rest (>=1.10 <=1.20)

io.github.robothy:local-s3-rest MAVEN version =1.10, =1.2, =6.0.0, =7.3.7 Source cves: unknown CVE Source advisory: SNYK:JAVA-IOGITHUBROBOTHY-9399373...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/03/10 6:24 p.m.6 views

io.github.robothy:local-s3-jupiter (>=1.2 <=1.20), org.sdase.commons:sda-commons-server-s3-testing (>=7.3.1 <=7.3.7) potentially affected by CVE-2025-27136 via io.github.robothy:local-s3-rest (>=1.2 <=1.20)

io.github.robothy:local-s3-rest MAVEN version =1.2, =1.2, =7.3.1, =7.3.7 Source cves: CVE-2025-27136 Source advisory: OSV:GHSA-G6WM-2V64-WQ36...

6.9CVSS5.4AI score0.00497EPSS
Exploits1
OSV
OSV
added 2025/03/10 6:24 p.m.2 views

GHSA-G6WM-2V64-WQ36 LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection

Description The LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML parser is configured to resolve external entities. This allows an attacker to declare...

6.9CVSS5.9AI score0.00497EPSS
Exploits1References4
OSV
OSV
added 2023/01/09 7:45 p.m.47 views

GHSA-89QM-WCMW-3MGG Gitops Run insecure communication

Impact GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local s3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information...

7.3CVSS6.6AI score0.00239EPSS
Exploits0References5
NVD
NVD
added 2023/01/09 2:15 p.m.35 views

CVE-2022-23509

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...

7.3CVSS7.3AI score0.00239EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/01/09 1:1 p.m.8 views

CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...

7.3CVSS7.6AI score0.00239EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/01/09 12:0 a.m.3 views

PT-2023-12724 · Weave · Weave Gitops

Name of the Vulnerable Software and Affected Versions: Weave GitOps versions prior to v0.12.0 Description: The communication between GitOps Run and the local S3 bucket is not encrypted, allowing privileged users or processes to tap the local traffic and gain information permitting access to the S...

7.3CVSS6.9AI score0.00239EPSS
Exploits0References10
Rows per page
Query Builder