3 matches found
CVE-2022-31098
Weave GitOps vulnerable to information disclosure in logs: when connecting to a registered Kubernetes API server, the client factory dumps cluster configurations and service account tokens into pod logs on the management cluster or external log storage. An authenticated remote attacker could acce...
CVE-2022-23508
CVE-2022-23508 affects Weave GitOps (GitOps Run) where a local user/process can access a local S3 bucket used to synchronize files with a Kubernetes cluster. The endpoint lacked security controls, allowing on‑machine actors to view/alter bucket content and inject a workload into the bucket, resul...
CVE-2022-23509
CVE-2022-23509 concerns insecure, unencrypted communication between Weave GitOps’ GitOps Run and its local S3 bucket. This allows privileged users or processes to tap traffic and obtain information enabling access to the S3 bucket, potentially leading to bucket content modification and unintended...