Veracode Vulnerability DatabaseVERACODE:38926Information Disclosure
6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
2.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:M/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
12.2%
github.com/weaveworks/weave-gitops is vulnerable to Information Disclosure. The vulnerability exists due to missing encryption of data in gitops run which allows an attacker to gain access to sensitive data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/weaveworks/weave-gitops | le | v0.11.0 | |
| github.com/weaveworks/weave-gitops | le | v0.11.0 |
References
github.com/weaveworks/weave-gitops/commit/babd91574b99b310b84aeec9f8f895bd18acb967
github.com/weaveworks/weave-gitops/commit/ce2bbff0a3609c33396050ed544a5a21f8d0797f
github.com/weaveworks/weave-gitops/pull/3098
github.com/weaveworks/weave-gitops/pull/3098/commits/babd91574b99b310b84aeec9f8f895bd18acb967
github.com/weaveworks/weave-gitops/pull/3106
github.com/weaveworks/weave-gitops/pull/3106/commits/ce2bbff0a3609c33396050ed544a5a21f8d0797f
github.com/weaveworks/weave-gitops/security/advisories/GHSA-89qm-wcmw-3mgg
Related
6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
2.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:M/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
12.2%