Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper path handling in kustomization files allows path traversal
Vulnerability Description
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments. Workarounds include automated tooling in the user's CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Flux2 路径遍历漏洞
Vulnerability Description
kustomize-controller是一个 Kubernetes 操作员,专门为使用 Kubernetes 清单定义并使用 Kustomize 组装的基础设施和工作负载运行持续交付管道。Flux2是云原生计算基金会(Cloud Native Computing Foundation)的一种使 Kubernetes 集群与配置源保持同步的工具。 kustomize-controller v0.24.0之前版本和Flux2 v0.29.0之前版本存在路径遍历漏洞,攻击者利用该漏洞可以使用内置功能和特制的功
CVSS Information
N/A
Vulnerability Type
N/A