CVE-2022-23508
HIGH8.8EPSS 0.05%GitOps Run allows for Kubernetes workload injection in github.com/weaveworks/weave-gitops
發布日:2023/1/9修改日:2026/3/3
描述
GitOps Run allows for Kubernetes workload injection in github.com/weaveworks/weave-gitops
受影響套件(2)
- Go/github.com/weaveworks/weave-gitopsfrom 0, < 0.12.0
- Go/github.com/weaveworks/weave-gitopsfrom 0, < 0.12.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-23508
- PATCHhttps://github.com/weaveworks/weave-gitops
- WEBhttps://github.com/weaveworks/weave-gitops/pull/3102/commits/966823bbda8c539a4661e2a4f8607c9307ba6225
- WEBhttps://github.com/weaveworks/weave-gitops/pull/3114/commits/75268c4d2c8f7e4db22c63d76b451ba6545d117f
- WEBhttps://github.com/weaveworks/weave-gitops/security/advisories/GHSA-wr3c-g326-486c