Lucene search

WolfiWOLFI:CVE-2024-35255

HistoryJun 18, 2024 - 9:08 a.m.

CVE-2024-35255 vulnerabilities

2024-06-1809:08:19

packages.wolfi.dev

cve

2024

35255

vulnerabilities

packages

zot

grafana

harbor-registry

policy-controller

trivy

telegraf

flux-kustomize-controller

velero

rclone

gitlab-runner

nuclei

external-secrets-operator

tekton-pipelines

opentelemetry-collector-contrib

loki

boring-registry

fluent-bit-plugin-loki

keda

rekor

secrets-store-csi-driver-provider-azure

spire-server

rook

cortex

ksops

cosign

external-dns

flux-image-reflector-controller

kyverno

zarf

timestamp-authority

grafana-agent-operator

restic

step-ca

sigstore-scaffolding

chezmoi

flux

bank-vaults

falcoctl

flux-source-controller

goreleaser

guac

prometheus-operator

hugo

argo-workflows

k8sgpt

tkn

fulcio

airflow

filebeat

thanos

unix

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Vulnerabilities for packages: external-secrets-operator, rook, flux-kustomize-controller, zarf, bank-vaults, buildkitd, fluent-bit-plugin-loki, cert-manager, tekton-pipelines, flux-image-reflector-controller, hugo, teleport, tekton-chains, grafana-agent-operator, terragrunt, goreleaser, timestamp-authority, harbor-registry, gitlab-runner, rekor, policy-controller, opentelemetry-collector-contrib, step, grafana-mimir, argo-workflows, up, cosign, prometheus-operator, zot, prometheus, fulcio, traefik, restic, rclone, falcoctl, flyte, flux-source-controller, flux, k8sgpt, secrets-store-csi-driver-provider-azure, grafana, pulumi, nuclei, velero, sops, sqlpad, thanos, sigstore-scaffolding, spire-server, kyverno, loki, airflow, cortex, boring-registry, filebeat, tkn, trivy, external-dns, ksops, telegraf, guac, keda, chezmoi, step-ca

OSVersionArchitecturePackageVersionFilename
Wolfiunknownx86_64airflow<= 2.9.2-r0airflow-2.9.2-r0.apk
Wolfiunknownaarch64airflow<= 2.9.2-r0airflow-2.9.2-r0.apk
Wolfiunknownx86_64argo-workflows<= 3.5.7-r2argo-workflows-3.5.7-r2.apk
Wolfiunknownaarch64argo-workflows<= 3.5.7-r2argo-workflows-3.5.7-r2.apk
Wolfiunknownx86_64bank-vaults<= 1.20.4-r15bank-vaults-1.20.4-r15.apk
Wolfiunknownaarch64bank-vaults<= 1.20.4-r15bank-vaults-1.20.4-r15.apk
Wolfiunknownx86_64boring-registry<= 0.14.0-r3boring-registry-0.14.0-r3.apk
Wolfiunknownaarch64boring-registry<= 0.14.0-r3boring-registry-0.14.0-r3.apk
Wolfiunknownx86_64buildkitd<= 0.14.0-r1buildkitd-0.14.0-r1.apk
Wolfiunknownaarch64buildkitd<= 0.14.0-r1buildkitd-0.14.0-r1.apk

OS	Version	Architecture	Package	Version	Filename
Wolfi	unknown	x86_64	airflow	<= 2.9.2-r0	airflow-2.9.2-r0.apk
Wolfi	unknown	aarch64	airflow	<= 2.9.2-r0	airflow-2.9.2-r0.apk
Wolfi	unknown	x86_64	argo-workflows	<= 3.5.7-r2	argo-workflows-3.5.7-r2.apk
Wolfi	unknown	aarch64	argo-workflows	<= 3.5.7-r2	argo-workflows-3.5.7-r2.apk
Wolfi	unknown	x86_64	bank-vaults	<= 1.20.4-r15	bank-vaults-1.20.4-r15.apk
Wolfi	unknown	aarch64	bank-vaults	<= 1.20.4-r15	bank-vaults-1.20.4-r15.apk
Wolfi	unknown	x86_64	boring-registry	<= 0.14.0-r3	boring-registry-0.14.0-r3.apk
Wolfi	unknown	aarch64	boring-registry	<= 0.14.0-r3	boring-registry-0.14.0-r3.apk
Wolfi	unknown	x86_64	buildkitd	<= 0.14.0-r1	buildkitd-0.14.0-r1.apk
Wolfi	unknown	aarch64	buildkitd	<= 0.14.0-r1	buildkitd-0.14.0-r1.apk