CVE-2022-23508
HIGH 8.8 | EPSS 0.05%
GitOps Run allows for Kubernetes workload injection in github.com/weaveworks/weave-gitops
Published: 1/9/2023 | Modified: 3/3/2026
Description
GitOps Run allows for Kubernetes workload injection in github.com/weaveworks/weave-gitops
Affected packages (2)
- Go / github.com/weaveworks/weave-gitops: from 0, < 0.12.0
- Go / github.com/weaveworks/weave-gitops: from 0, < 0.12.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-23508
- PATCH: https://github.com/weaveworks/weave-gitops
- WEB: https://github.com/weaveworks/weave-gitops/pull/3102/commits/966823bbda8c539a4661e2a4f8607c9307ba6225
- WEB: https://github.com/weaveworks/weave-gitops/pull/3114/commits/75268c4d2c8f7e4db22c63d76b451ba6545d117f
- WEB: https://github.com/weaveworks/weave-gitops/security/advisories/GHSA-wr3c-g326-486c