4 matches found

CVE
added 2022/10/22 12:15 a.m., 281 views

CVE-2022-39272

Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval...

CVSS 5 | AI score 4.5 | EPSS 0.00047

CVE
added 2022/05/06 1:15 a.m., 77 views

CVE-2022-24877

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments. ...

CVSS 9.9 | AI score 8.6 | EPSS 0.00617

CVE
added 2022/05/06 2:15 a.m., 71 views

CVE-2022-24878

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to va...

CVSS 7.7 | AI score 6.3 | EPSS 0.00294

CVE
added 2022/05/06 12:15 a.m., 60 views

CVE-2022-24817

Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also lea...

CVSS 9.9 | AI score 9.7 | EPSS 0.00359