
64 matches found

CNNVD
added 2023/01/09 12:0 a.m. · 2 views

Weave GitOps Information Disclosure Vulnerability

Weaveworks Weave GitOps is a simple open source developer platform from Weaveworks, UK. Weave GitOps suffers from an information disclosure vulnerability that stems from unencrypted communication between GitOps Run and the local S3 bucket...

7.3 CVSS · 6.6 AI score · 0.00033 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/01/09 12:0 a.m. · 2 views

PT-2023-12723 · Weave · Weave Gitops

Name of the Vulnerable Software and Affected Versions: Weave GitOps versions prior to v0.12.0

Description: A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronizing files that are...

8.8 CVSS · 7.1 AI score · 0.00052 EPSS
Exploits 0 · References 10

Positive Technologies
added 2023/01/09 12:0 a.m. · 2 views

PT-2023-12724 · Weave · Weave Gitops

Name of the Vulnerable Software and Affected Versions: Weave GitOps versions prior to v0.12.0

Description: The communication between GitOps Run and the local S3 bucket is not encrypted, allowing privileged users or processes to tap the local traffic and gain information permitting access to the S...

7.3 CVSS · 6.9 AI score · 0.00033 EPSS
Exploits 0 · References 10

CNNVD
added 2023/01/09 12:0 a.m. · 4 views

Weave GitOps Security Vulnerability

Weaveworks Weave GitOps is a simple open source developer platform from Weaveworks, UK. Weave GitOps suffers from a security vulnerability that stems from endpoints having no security controls to block unauthorized access...

8.8 CVSS · 7.5 AI score · 0.00052 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2022/09/02 12:0 a.m. · 1 views

The vulnerability of the Kubernetes cluster deployment and management software Weave GitOps Enterprise, related to the lack of measures for cleaning input data, allows an attacker to execute XSS attacks.

The vulnerability of the Kubernetes Weave GitOps Enterprise deployment and cluster management software is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to carry out XSS attacks using a specially created link...

7.5 CVSS · 5.9 AI score · 0.00322 EPSS
Exploits 1 · References 5 · Affected Software 1

NVD
added 2022/09/01 1:15 p.m. · 12 views

CVE-2022-38790

Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting XSS bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluste...

5.4 CVSS · 0.00322 EPSS
Exploits 1 · References 4

OSV
added 2022/09/01 1:15 p.m. · 18 views

CVE-2022-38790

Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting XSS bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluste...

5.4 CVSS · 5.8 AI score · 0.00322 EPSS
Exploits 1 · References 4

ATTACKERKB
added 2022/09/01 1:15 p.m. · 1 views

CVE-2022-38790

Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting XSS bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluste...

5.4 CVSS · 5.7 AI score · 0.00322 EPSS
Exploits 1 · References 5

Prion
added 2022/09/01 1:15 p.m. · 14 views

Cross site scripting

Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting XSS bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluste...

4.9 CVSS · 5.2 AI score · 0.00322 EPSS
Exploits 1 · References 4 · Affected Software 1

CVE
added 2022/09/01 12:55 p.m. · 64 views

CVE-2022-38790

Summary: CVE-2022-38790 affects Weave GitOps Enterprise before 0.9.0-rc.5 with a cross-site scripting (XSS) vulnerability in the UI. An attacker can inject a javascript: link into the UI, which, when clicked by a victim, executes with the victim’s permissions. The exposure is surfaced in the Git...

5.4 CVSS · 5.2 AI score · 0.00322 EPSS
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2022/09/01 12:55 p.m. · 13 views

CVE-2022-38790

Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting XSS bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluste...

5.5 AI score · 0.00322 EPSS
Exploits 1 · References 4

Positive Technologies
added 2022/09/01 12:0 a.m. · 3 views

PT-2022-4593 · Weave · Weave Gitops Enterprise

Name of the Vulnerable Software and Affected Versions: Weave GitOps Enterprise versions prior to 0.9.0-rc.5

Description: The issue is related to a lack of input data sanitization, which can be exploited by a remote attacker to conduct a cross-site scripting XSS attack using a specially crafted...

7.5 CVSS · 5.2 AI score · 0.00322 EPSS
Exploits 1 · References 8

CNNVD
added 2022/09/01 12:0 a.m. · 2 views

Weave GitOps Cross-Site Scripting Vulnerability

Weave GitOps is a simple open source developer platform open sourced by Weaveworks. A security vulnerability exists in Weave GitOps Enterprise prior to version 0.9.0-rc.5, which stems from having cross-site scripting XSS that allows a malicious user to inject a javascript link into the UI, which...

5.4 CVSS · 5.5 AI score · 0.00322 EPSS
Exploits 1 · References 5

CNVD
added 2022/06/30 12:0 a.m. · 14 views

Weave GitOps Log Information Disclosure Vulnerability

Weave GitOps is a simple open source developer platform open-sourced by Weaveworks. Weave GitOps has a log information disclosure vulnerability. The vulnerability stems from insufficient protection of sensitive information and can be exploited by an authenticated remote attacker to view sensitive...

9 CVSS · 6.2 AI score · 0.00399 EPSS
Exploits 0 · References 1

NVD
added 2022/06/27 10:15 p.m. · 14 views

CVE-2022-31098

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of...

9 CVSS · 0.00399 EPSS
Exploits 0 · References 2

Prion
added 2022/06/27 10:15 p.m. · 13 views

Design/Logic Flaw

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of...

4.3 CVSS · 7.4 AI score · 0.00399 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/06/27 10:5 p.m. · 15 views

CVE-2022-31098 Weave GitOps leaked cluster credentials into logs on connection errors

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of...

9 CVSS · 9.1 AI score · 0.00399 EPSS
Exploits 0 · References 2

CVE
added 2022/06/27 10:5 p.m. · 413 views

CVE-2022-31098

Weave GitOps vulnerable to information disclosure in logs: when connecting to a registered Kubernetes API server, the client factory dumps cluster configurations and service account tokens into pod logs on the management cluster or external log storage. An authenticated remote attacker could acce...

9 CVSS · 7.5 AI score · 0.00399 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2022/06/27 10:5 p.m. · 7 views

CVE-2022-31098 Weave GitOps leaked cluster credentials into logs on connection errors

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of...

9 CVSS · 8.9 AI score · 0.00399 EPSS
Exploits 0 · References 2

OSV
added 2022/06/27 10:5 p.m. · 16 views

CVE-2022-31098 Weave GitOps leaked cluster credentials into logs on connection errors

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of...

9 CVSS · 8.2 AI score · 0.00399 EPSS
Exploits 0 · References 4