CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 18.0%

github.com/fluxcd/helm-controller and github.com/fluxcd/flux2 are vulnerable to denial of service (DoS) attacks. A remote authenticated attacker is able to cause a system panic by supplying specific data inputs, resulting in denial of service conditions via high memory consumption.
bugs.chromium.org/p/oss-fuzz/issues/detail?id=44996
bugs.chromium.org/p/oss-fuzz/issues/detail?id=48360
github.com/fluxcd/flux2/commit/93fdd795da264491d5fc60a63a275425438fad01
github.com/fluxcd/flux2/issues/2952
github.com/fluxcd/flux2/pull/2999
github.com/fluxcd/flux2/security/advisories/GHSA-p2g7-xwvr-rrw3
github.com/fluxcd/helm-controller/commit/2195310e7c2cdeb201b4b99d4655d2b62800f6f1
github.com/fluxcd/helm-controller/pull/516
github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh