CVE-2022-24877
Severity: CRITICAL 9.9 | EPSS: 0.62%
Improper path handling in kustomization files allows path traversal in github.com/fluxcd/flux2
Published: 5/4/2022 | Modified: 2/4/2026
Description
Improper path handling in kustomization files allows path traversal in github.com/fluxcd/flux2
Affected packages (6)
- Bitnami/flux: from 0, < 0.29.0
- Bitnami/kustomize: from 0, < 0.24.0
- Go/github.com/fluxcd/flux2: from 0, < 0.29.0
- Go/github.com/fluxcd/flux2: from 0, < 0.29.0
- Go/github.com/fluxcd/kustomize-controller: from 0, < 0.24.0
- Go/github.com/fluxcd/kustomize-controller: from 0, < 0.24.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-24877
- PATCH: github.com/fluxcd/kustomize-controller
- WEB: https://github.com/fluxcd/flux2/security/advisories/GHSA-j77r-2fxf-5jrw
- WEB: https://github.com/fluxcd/kustomize-controller/commit/f4528fb25d611da94e491346bea056d5c5c3611f
- WEB: https://github.com/fluxcd/pkg/commit/0ec014baf417fd3879d366a45503a548b9267d2a