Weave GitOps 日志信息泄露漏洞

Weave GitOps is a simple open source developer platform open source by Weaveworks. Weave GitOps has a log information disclosure vulnerability. The vulnerability stems from insufficient protection of sensitive information and can be exploited by an authenticated remote attack to view sensitive...

Weave GitOps leaked cluster credentials into logs on connection errors

Impact A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps's pod logs on the management cluster...

GHSA-XGGC-QPRG-X6MW Weave GitOps leaked cluster credentials into logs on connection errors

Impact A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps's pod logs on the management cluster...

PT-2022-20525 · Weave · Weave Gitops

Name of the Vulnerable Software and Affected Versions: Weave GitOps versions prior to v0.8.1-rc.6 Description: A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of registered Kubernetes clusters,...