3 matches found
Information Disclosure
github.com/knative/func is vulnerable to information disclosure. The vulnerability is due to compromised third-party buildpacks which expose their registry credentials or local docker socket to a malicious lifecycle container, which allows remote attackers to access unauthorized information. This...
CVE-2022-41939 Credential exposure when running third-party builders in knative/func
knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious lifecycle container. This issues has bee...
PT-2022-26170 · Unknown · Knative.Dev/Func
Name of the Vulnerable Software and Affected Versions: knative.dev/func versions prior to 1.8.1 Description: The issue affects developers using malicious or compromised third-party buildpacks, potentially exposing their registry credentials or local docker socket to a malicious lifecycle containe...