CVE-2022-35975 – Improper object validation allows for arbitrary code execution in GitOps Tools Extension for VSCode
https://notcve.org/view.php?id=CVE-2022-35975
The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution on the machine running the extension, in the context of the user who is running VSCode. Users who use the VSCode extension to manage clusters that are shared with other users are affected by this issue. The only safe mitigation is to update to the latest version of the extension.
• https://github.com/weaveworks/vscode-gitops-tools/security/advisories/GHSA-873x-829r-gxcp • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-31098 – Weave GitOps leaked cluster credentials into logs on connection errors
https://notcve.org/view.php?id=CVE-2022-31098
Weave GitOps is a simple open source developer platform for people who want cloud native applications without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations (a.k.a. KubeConfig) of registered Kubernetes clusters, including the service account tokens in plain text, from Weave GitOps's pod logs on the management cluster. An unauthorized remote attacker can also view these sensitive configurations from external log storage if it is enabled by the management cluster. This vulnerability is due to the client factory dumping cluster configurations and their service account tokens when the cluster manager tries to connect to an API server of a registered cluster and a connection error occurs. An attacker could exploit this vulnerability by accessing either the logs of a Weave GitOps pod or external log storage, and thereby obtaining all cluster configurations of registered clusters.
• https://github.com/weaveworks/weave-gitops/commit/567356f471353fb5c676c77f5abc2a04631d50ca https://github.com/weaveworks/weave-gitops/security/advisories/GHSA-xggc-qprg-x6mw • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2020-26278 – Weave Net Pods running in host PID namespace can be used to escalate other Kubernetes vulnerabilities
https://notcve.org/view.php?id=CVE-2020-26278
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability that can allow an attacker to take over any host in the cluster. Weave Net is supplied with a manifest that runs pods on every node in a Kubernetes cluster; these pods are responsible for managing network connections for all other pods in the cluster. This requires a lot of power over the host, and the manifest sets `privileged: true`, which gives it that power. It also sets `hostPID: true`, which gives it the ability to access all other processes on the host and to write anywhere in the root filesystem of the host.
• https://github.com/weaveworks/weave/blob/master/CHANGELOG.md#release-280 https://github.com/weaveworks/weave/commit/a0ac81b3b4cae6d0dcaf3732fd91cedefc89f720 https://github.com/weaveworks/weave/pull/3876 https://github.com/weaveworks/weave/security/advisories/GHSA-pg3p-v8c6-c6h3 • CWE-250: Execution with Unnecessary Privileges •
CVE-2020-35464
https://notcve.org/view.php?id=CVE-2020-35464
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password.
• https://github.com/donghyunlee00/CVE/blob/main/CVE-2020-35464 • CWE-306: Missing Authentication for Critical Function •
CVE-2020-11091 – Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements
https://notcve.org/view.php?id=CVE-2020-11091
In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host (via ipv6.disable=1 on the kernel cmdline), it will be either unconfigured or configured on some interfaces, but it is quite likely that IPv6 forwarding is disabled, i.e. /proc/sys/net/ipv6/conf//forwarding == 0. Also, by default, /proc/sys/net/ipv6/conf//accept_ra == 1. The combination of these two sysctls means that the host accepts router advertisements and configures its IPv6 stack using them. By sending rogue router advertisements, an attacker can reconfigure the host to redirect part or all of the host's IPv6 traffic to the attacker-controlled container.
• https://github.com/weaveworks/weave/commit/15f21f1899060f7716c70a8555a084e836f39a60 https://github.com/weaveworks/weave/security/advisories/GHSA-59qg-grp7-5r73 • CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action •