Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Flux2 Helm Controller denial of service
Vulnerability Description
Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK that affects flux2 v0.0.17 until v0.32.0 and helm-controller v0.0.4 until v0.23.0 allows for specific data inputs to cause high memory consumption. In some platforms, this could cause the controller to panic and stop processing reconciliations. In a shared cluster multi-tenancy environment, a tenant could create a HelmRelease that makes the controller panic, denying all other tenants from their Helm releases being reconciled. Patches are available in flux2 v0.32.0 and helm-controller v0.23.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Flux2 资源管理错误漏洞
Vulnerability Description
Flux2是云原生计算基金会(Cloud Native Computing Foundation)的一种使 Kubernetes 集群与配置源保持同步的工具。 Flux2 v0.0.17至v0.32.0之前版本和helm-controller v0.0.4至v0.23.0之前版本存在资源管理错误漏洞,该漏洞源于允许特定数据输入导致高内存消耗,这可能会导致控制器恐慌并停止处理对账。在共享集群多租户环境中,租户可以创建一个HelmRelease使控制器恐慌,拒绝协调所有其他租户的Helm版本。
CVSS Information
N/A
Vulnerability Type
N/A