CVE-2022-24877
CRITICAL 9.9, EPSS 0.62%
Improper path handling in kustomization files allows path traversal in github.com/fluxcd/flux2
Published: 2022/5/4
Modified: 2026/2/4
Description
Improper path handling in kustomization files allows path traversal in github.com/fluxcd/flux2
Affected packages (6)
- Bitnami/flux: from 0, < 0.29.0
- Bitnami/kustomize: from 0, < 0.24.0
- Go/github.com/fluxcd/flux2: from 0, < 0.29.0
- Go/github.com/fluxcd/flux2: from 0, < 0.29.0
- Go/github.com/fluxcd/kustomize-controller: from 0, < 0.24.0
- Go/github.com/fluxcd/kustomize-controller: from 0, < 0.24.0
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-24877
- PATCH: github.com/fluxcd/kustomize-controller
- WEB: https://github.com/fluxcd/flux2/security/advisories/GHSA-j77r-2fxf-5jrw
- WEB: https://github.com/fluxcd/kustomize-controller/commit/f4528fb25d611da94e491346bea056d5c5c3611f
- WEB: https://github.com/fluxcd/pkg/commit/0ec014baf417fd3879d366a45503a548b9267d2a