Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0. Users are recommended to upgrade.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HFluxcd Flux2
APPFluxcd< 0.29.0Fluxcd Kustomize Controller
APPFluxcd< 0.24.0
Powiązane podatności
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and ...
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-co...
Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-control...
Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), ...
kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infras...