CRITICAL🇵🇱 Wersja polska

CVE-2022-35975

CVSS 9.0v3.1pub. 2022-08-18upd. 2024-11-21

The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode. Users using the VSCode extension to manage clusters that are shared amongst other users are affected by this issue. The only safe mitigation is to update to the latest version of the extension.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Weave Gitops Tools

    APP
    Weave
    0.7.0 – 0.20.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2022-35976MEDIUM5.2ten sam produkt

The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters. ...

CVE-2022-31098CRITICAL9.0ten sam vendor

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without...

CVE-2020-35464CRITICAL9.8ten sam vendor

Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deplo...

CVE-2024-25545HIGH7.8ten sam vendor

An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted scri...

CVE-2023-34236HIGH8.5ten sam vendor

Weave GitOps Terraform Controller (aka Weave TF-controller) is a controller for Flux to reconcile Terraform re...