64 matches found
CVE-2023-34236 Information Disclosure Vulnerability in Weave GitOps Terraform Controller
Weave GitOps Terraform Controller aka Weave TF-controller is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This...
PT-2023-24760 · Weave · Weave Gitops Terraform Controller
Name of the Vulnerable Software and Affected Versions: Weave GitOps Terraform Controller versions prior to v0.14.4 Weave GitOps Terraform Controller versions prior to v0.15.0-rc.5 Description: A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an...
Weave GitOps 信息泄露漏洞
Weaveworks Weave GitOps is a simple open source developer platform from Weaveworks UK. An information disclosure vulnerability exists in Weave GitOps Terraform Controller Weave TF-controller v0.14.3 and earlier, v0.15.0-rc.4 and earlier, which originates in Weave GitOps Terraform Runners tf-...
Information Disclosure
github.com/weaveworks/weave-gitops is vulnerable to Information Disclosure. The vulnerability exists due to missing encryption of data in gitops run which allows an attacker to gain access to sensitive data...
Workload Injection
github.com/weaveworks/weave-gitops is vulnerable to workload injection. The library uses an S3 bucket for synchronising files, with no security controls to block unauthorised access in its endpoint, which allows local users on the same machine to see and alter the bucket content...
GHSA-89QM-WCMW-3MGG Gitops Run insecure communication
Impact GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local s3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information...
Gitops Run insecure communication
Impact GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local s3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information...
GHSA-WR3C-G326-486C GitOps Run allows for Kubernetes workload injection
Impact A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthoris...
GitOps Run allows for Kubernetes workload injection
Impact A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthoris...
CVE-2022-23509
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
Design/Logic Flaw
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
CVE-2022-23508
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...
Memory corruption
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...
CVE-2022-23509
CVE-2022-23509 concerns insecure, unencrypted communication between Weave GitOps’ GitOps Run and its local S3 bucket. This allows privileged users or processes to tap traffic and obtain information enabling access to the S3 bucket, potentially leading to bucket content modification and unintended...
CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
CVE-2022-23508
CVE-2022-23508 affects Weave GitOps (GitOps Run) where a local user/process can access a local S3 bucket used to synchronize files with a Kubernetes cluster. The endpoint lacked security controls, allowing on‑machine actors to view/alter bucket content and inject a workload into the bucket, resul...
CVE-2022-23508 GitOps Run allows for Kubernetes workload injection
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...
CVE-2022-23508 GitOps Run allows for Kubernetes workload injection
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...