HIGH🇬🇧 English

CVE-2022-36049

CVSS 7.7v3.1pub. 2022-09-07upd. 2024-11-21

Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK that affects flux2 v0.0.17 until v0.32.0 and helm-controller v0.0.4 until v0.23.0 allows for specific data inputs to cause high memory consumption. In some platforms, this could cause the controller to panic and stop processing reconciliations. In a shared cluster multi-tenancy environment, a tenant could create a HelmRelease that makes the controller panic, denying all other tenants from their Helm releases being reconciled. Patches are available in flux2 v0.32.0 and helm-controller v0.23.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • Fluxcd Flux2

    APP
    Fluxcd
    0.0.17 – 0.32.0 (bez)
  • Fluxcd Helm Controller

    APP
    Fluxcd
    0.0.4 – 0.23.0 (bez)
  • Helm

    APP
    Helm
    3.0.0 – 3.9.4 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Container
CWE
Referencje

Powiązane podatności

CVE-2022-24817CRITICAL9.9ten sam produkt

Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and ...

CVE-2022-24877CRITICAL9.9ten sam produkt

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-co...

CVE-2019-18658CRITICAL9.8ten sam produkt

In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide...

CVE-2019-1010275CRITICAL9.8ten sam produkt

helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized client...

CVE-2026-35204HIGH8.4ten sam produkt

Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, whe...

CVE-2022-36049 — HIGH 7.7 | CVEbaza.pl