3 matches found
CVE-2022-24877
CVE-2022-24877 affects open source Flux CD components: a path traversal in the kustomize-controller, triggered by a crafted kustomization.yaml, enables exposure of sensitive data from the controller pod filesystem and potentially privilege escalation in multi-tenant deployments. The issue is m...
CVE-2022-24878
CVE-2022-24878 describes a path-traversal vulnerability in Flux’s kustomize-controller. A malicious kustomization.yaml can cause the kustomize-controller to enter a denial-of-service condition at the controller level. The issue arises from improper handling of paths in Kustomization processing. T...
CVE-2021-41254
CVE-2021-41254 affects the Flux CD kustomize-controller, allowing authenticated users who can create Secrets, Service Accounts, and Flux Kustomization objects to have the controller execute shell commands inside its container via embedded Secrets. This enables running kubectl under the controller...