One Article Review

Source CVE List
Identifier 4553468
Publication date 2022-05-06 01:15:09 (seen: 2022-05-06 06:06:12)
Title CVE-2022-24877
Text Flux is an open and extensible continuous delivery solution for Kubernetes. A path traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly escalate privileges in multi-tenancy deployments. Workarounds include automated tooling in the user's CI/CD pipeline to validate that `kustomization.yaml` files conform to specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0.
Sent Yes
Tags Vulnerability
Stories Uber
Rating ★★★★★


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to an earlier one.