One Article Review
| Source |  CVE Liste |
|---|---|
| Identifiant | 6774470 |
| Date de publication | 2022-09-07 21:15:08 (vue: 2022-09-07 23:06:45) |
| Titre | CVE-2022-36049 |
| Texte | Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK that affects flux2 v0.0.17 until v0.32.0 and helm-controller v0.0.4 until v0.23.0 allows for specific data inputs to cause high memory consumption. In some platforms, this could cause the controller to panic and stop processing reconciliations. In a shared cluster multi-tenancy environment, a tenant could create a HelmRelease that makes the controller panic, denying all other tenants from their Helm releases being reconciled. Patches are available in flux2 v0.32.0 and helm-controller v0.23.0. |
| Envoyé | Oui |
| Condensat | 2022 36049 affects all allows are available being cause chart cluster clusters configuration consumption controller could create cve data declaratively denying environment flux flux2 found from helm helmrelease high inputs integrated keeping kubernetes makes manage memory multi one operator other panic patches platforms processing reconciled reconciliations releases sdk shared some sources specific stop sync tenancy tenant tenants tightly tool until vulnerability |
| Tags | Tool Vulnerability |
| Stories | Uber |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.