CVE-2022-31077 – Malicious response from KubeEdge can crash CSI Driver controller server
https://notcve.org/view.php?id=CVE-2022-31077
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic; the CSI Driver controller is then left in a denial-of-service state. This bug has been fixed in KubeEdge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. • https://github.com/kubeedge/kubeedge/pull/3899 https://github.com/kubeedge/kubeedge/pull/3899/commits/5d60ae9eabd6b6b7afe38758e19bbe8137664701 https://github.com/kubeedge/kubeedge/security/advisories/GHSA-x938-fvfw-7jh5 • CWE-476: NULL Pointer Dereference •
CVE-2022-31076 – Malicious Message can crash CloudCore in KubeEdge
https://notcve.org/view.php?id=CVE-2022-31076
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network, so an attacker would already need to be an authenticated user of the Cloud. Additionally, CloudCore is affected only when the unixsocket switch is turned on in the config file cloudcore.yaml. The fix is the same commit as for CVE-2022-31077 (shipped in KubeEdge 1.11.0, 1.10.1, and 1.9.3). • https://github.com/kubeedge/kubeedge/pull/3899/commits/5d60ae9eabd6b6b7afe38758e19bbe8137664701 https://github.com/kubeedge/kubeedge/security/advisories/GHSA-8f4f-v9x5-cg6j • CWE-476: NULL Pointer Dereference •
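Both KubeEdge entries above are the same bug class: a server trusts that a field in a peer-supplied message is populated and dereferences it without a check. The following Go program is an added illustration of that class and of the two layers of defence against it; it is not KubeEdge code, and the Message/Header types, the "mount" operation and the JSON messages are constructed for the example. The first layer is validating the decoded message before touching pointer fields; the second is a recover() wrapper around dispatch, so that a dereference the validator missed costs one request rather than the whole process.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Message and Header are constructed stand-ins for a request/response
// envelope; they are not KubeEdge's real types.
type Message struct {
	Header  *Header         `json:"header"`
	Content json.RawMessage `json:"content"`
}

type Header struct {
	ID        string `json:"id"`
	Operation string `json:"operation"`
}

// ErrMalformed is returned for any message that fails validation.
var ErrMalformed = errors.New("malformed message")

// handleUnsafe has the vulnerable shape: it assumes Header is present.
// A message whose "header" is absent or null makes this panic.
func handleUnsafe(raw []byte) string {
	var m Message
	_ = json.Unmarshal(raw, &m)
	return m.Header.Operation // nil-pointer dereference when header is missing
}

// handleSafe validates the decoded message before dereferencing anything
// and reports a per-message error instead of panicking.
func handleSafe(raw []byte) (string, error) {
	var m Message
	if err := json.Unmarshal(raw, &m); err != nil {
		return "", fmt.Errorf("%w: %v", ErrMalformed, err)
	}
	if m.Header == nil || m.Header.ID == "" {
		return "", fmt.Errorf("%w: missing header", ErrMalformed)
	}
	return m.Header.Operation, nil
}

// serve is the dispatch wrapper: if a handler still contains a latent nil
// dereference, recover() converts the panic into a failed request, so one
// malicious peer cannot take the server down. ok is false if h panicked.
func serve(raw []byte, h func([]byte) string) (op string, ok bool) {
	defer func() {
		if r := recover(); r != nil {
			ok = false
		}
	}()
	return h(raw), true
}

func main() {
	good := []byte(`{"header":{"id":"1","operation":"mount"},"content":{}}`)
	bad := []byte(`{"header":null,"content":{}}`) // attacker-controlled: no header

	_, ok := serve(bad, handleUnsafe)
	fmt.Println("unsafe handler survived:", ok) // false: it panicked and was recovered

	if _, err := handleSafe(bad); err != nil {
		fmt.Println("safe handler rejected message:", err)
	}
	op, _ := handleSafe(good)
	fmt.Println("safe handler op:", op) // mount
}
```

The recover() wrapper is a backstop, not a substitute for validation: it keeps the process alive but still drops the request, and it does nothing for nil dereferences on goroutines the handler spawns.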
CVE-2022-31034 – Insecure entropy in argo-cd
https://notcve.org/view.php?id=CVE-2022-31034
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in OAuth2/OIDC login flows. In each case, using a relatively predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practice. In some cases, using too short a value reduced the entropy further still. • https://github.com/argoproj/argo-cd/commit/17f7f4f462bdb233e1b9b36f67099f41052d8cb0 https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v https://access.redhat.com/security/cve/CVE-2022-31034 https://bugzilla.redhat.com/show_bug.cgi?id=2096282 • CWE-330: Use of Insufficiently Random Values CWE-331: Insufficient Entropy CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •
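The practical consequence of a clock-seeded math/rand value is that an attacker who knows roughly when the login started can reproduce it offline. The Go program below is an added example, not Argo CD's code: it generates an OAuth2-style state value the weak way (a short string from a math/rand source seeded with the Unix second), recovers it by brute-forcing seeds in a small window around the observed time, and then shows the correct construction, 32 bytes from crypto/rand encoded as unpadded base64url. Seeding with the second rather than the nanosecond is a simplification for the demo; a nanosecond seed only widens the window to about 1e9 candidates per second of uncertainty, which is still a feasible offline search, and the generator remains a CWE-335 misuse either way.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	mathrand "math/rand"
	"time"
)

// weakStateFromSeed models the vulnerable pattern: a math/rand source seeded
// from the clock, producing n characters from a 36-symbol alphabet. The seed
// is a parameter so the "attacker" below can reproduce the sequence.
func weakStateFromSeed(seed int64, n int) string {
	r := mathrand.New(mathrand.NewSource(seed))
	const alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
	b := make([]byte, n)
	for i := range b {
		b[i] = alphabet[r.Intn(len(alphabet))]
	}
	return string(b)
}

// recoverWeakState is the attacker's side: given an observed state value and
// an approximate seed (the time the login was initiated), try every seed in
// [around-window, around+window] until the output matches.
func recoverWeakState(observed string, around, window int64, n int) (int64, bool) {
	for s := around - window; s <= around+window; s++ {
		if weakStateFromSeed(s, n) == observed {
			return s, true
		}
	}
	return 0, false
}

// strongState is the corrected construction: 256 bits from the OS CSPRNG,
// encoded so it is safe to put in a URL query parameter.
func strongState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

func main() {
	// Victim side (vulnerable pattern): seed from the clock, 10 characters.
	seed := time.Now().Unix()
	observed := weakStateFromSeed(seed, 10)

	// Attacker side: knows only that the login began within ~30 s of seed+7.
	if s, ok := recoverWeakState(observed, seed+7, 30, 10); ok {
		fmt.Printf("weak state %q reproduced from seed %d\n", observed, s)
	}

	strong, err := strongState()
	if err != nil {
		panic(err)
	}
	fmt.Println("strong state:", strong)
}
```

A reproducible state value defeats the CSRF protection it exists to provide, and the same argument applies to any nonce or verifier derived from the same source; crypto/rand is the only acceptable source for these parameters.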
CVE-2022-31016 – Argo CD vulnerable to Uncontrolled Memory Consumption
https://notcve.org/view.php?id=CVE-2022-31016
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. There are no known workarounds. • https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq https://access.redhat.com/security/cve/CVE-2022-31016 https://bugzilla.redhat.com/show_bug.cgi?id=2096283 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
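The repo-server failure mode described above comes from reading a repository file into memory with a buffer that grows to whatever size the committed file has. The Go program below is an added example, not Argo CD's code, showing the vulnerable shape (io.ReadAll on an unbounded reader) beside a bounded reader that fails closed when a file exceeds a configured cap. The 1 MiB cap and the zeroReader, which streams a file of any size without holding it in memory, are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge is returned when a file exceeds the configured size cap.
var ErrTooLarge = errors.New("file exceeds size limit")

// readAllUnbounded is the vulnerable shape: io.ReadAll grows its buffer
// until the input ends, so the attacker's file size dictates memory use.
func readAllUnbounded(r io.Reader) ([]byte, error) {
	return io.ReadAll(r)
}

// readAllBounded reads at most limit bytes. It reads one byte past the
// limit so it can distinguish "exactly limit" from "more than limit" and
// fail closed, rather than silently truncating the manifest.
func readAllBounded(r io.Reader, limit int64) ([]byte, error) {
	lr := &io.LimitedReader{R: r, N: limit + 1}
	data, err := io.ReadAll(lr)
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, fmt.Errorf("%w: more than %d bytes", ErrTooLarge, limit)
	}
	return data, nil
}

// zeroReader is a constructed stand-in for a huge repository file: it
// yields n zero bytes without ever allocating them up front.
type zeroReader struct{ remaining int64 }

func (z *zeroReader) Read(p []byte) (int, error) {
	if z.remaining <= 0 {
		return 0, io.EOF
	}
	n := len(p)
	if int64(n) > z.remaining {
		n = int(z.remaining)
	}
	for i := 0; i < n; i++ { // p may be a reused buffer, so fill explicitly
		p[i] = 0
	}
	z.remaining -= int64(n)
	return n, nil
}

func main() {
	const limit = 1 << 20 // 1 MiB cap per file (assumed policy value)

	small := &zeroReader{remaining: 4096}
	if data, err := readAllBounded(small, limit); err == nil {
		fmt.Println("small file read, bytes:", len(data))
	}

	huge := &zeroReader{remaining: 8 << 30} // an 8 GiB file the attacker committed
	if _, err := readAllBounded(huge, limit); err != nil {
		fmt.Println("huge file rejected:", err)
	}
	// readAllUnbounded(huge) would try to allocate 8 GiB; it is deliberately
	// not called here.
}
```

A per-file cap alone still lets many moderately large files add up, so in a service that processes whole repositories the cap should be enforced per request or per Application as well.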
CVE-2022-31036 – Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
https://notcve.org/view.php?id=CVE-2022-31036
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications' source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. • https://github.com/argoproj/argo-cd/commit/04c305396458508a31d03d44afea07b1c620d7cd https://github.com/argoproj/argo-cd/security/advisories/GHSA-q4w5-4gq2-98vm https://access.redhat.com/security/cve/CVE-2022-31036 https://bugzilla.redhat.com/show_bug.cgi?id=2096291 • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
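The symlink issue above is a path-confinement failure: the repo-server opens a file by its path inside the checked-out repository, and the kernel follows the symlink to wherever the attacker pointed it. The Go program below is an added example, independent of Argo CD's actual fix in the linked commit. It builds a constructed fixture (a secrets.yaml outside the repository and a repository containing a symlink to it), shows that a plain os.ReadFile leaks the target, and then resolves every symlink with filepath.EvalSymlinks and rejects any real path that lands outside the repository root before opening it. The file names and contents are made up for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutOfBounds is returned when a path resolves outside the repository root.
var ErrOutOfBounds = errors.New("path escapes repository root")

// resolveWithinRoot returns the fully resolved path of rel under root, or
// ErrOutOfBounds if rel, or any symlink on the way to it, leaves root.
// Both sides are resolved so that a root which is itself a symlink
// (e.g. a temp dir) compares correctly.
func resolveWithinRoot(root, rel string) (string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	candidate := filepath.Join(realRoot, rel) // Join also cleans ".." segments
	real, err := filepath.EvalSymlinks(candidate)
	if err != nil {
		return "", err
	}
	if real != realRoot && !strings.HasPrefix(real, realRoot+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %s -> %s", ErrOutOfBounds, rel, real)
	}
	return real, nil
}

// readYAMLUnsafe models the bug: os.ReadFile follows symlinks blindly.
func readYAMLUnsafe(root, rel string) ([]byte, error) {
	return os.ReadFile(filepath.Join(root, rel))
}

// readYAMLSafe refuses anything that resolves outside the repository.
func readYAMLSafe(root, rel string) ([]byte, error) {
	p, err := resolveWithinRoot(root, rel)
	if err != nil {
		return nil, err
	}
	return os.ReadFile(p)
}

// buildFixture creates the constructed layout under a temp dir:
//   <base>/secrets.yaml            (outside the repo)
//   <base>/repo/values.yaml        (legitimate file)
//   <base>/repo/values-prod.yaml   -> ../secrets.yaml (attacker's symlink)
func buildFixture() (repo, secret string, cleanup func(), err error) {
	base, err := os.MkdirTemp("", "symlink-demo")
	if err != nil {
		return
	}
	cleanup = func() { os.RemoveAll(base) }
	secret = filepath.Join(base, "secrets.yaml")
	repo = filepath.Join(base, "repo")
	if err = os.WriteFile(secret, []byte("password: hunter2\n"), 0o600); err != nil {
		return
	}
	if err = os.Mkdir(repo, 0o755); err != nil {
		return
	}
	if err = os.WriteFile(filepath.Join(repo, "values.yaml"), []byte("replicas: 2\n"), 0o644); err != nil {
		return
	}
	err = os.Symlink(secret, filepath.Join(repo, "values-prod.yaml"))
	return
}

func main() {
	repo, _, cleanup, err := buildFixture()
	if err != nil {
		panic(err)
	}
	defer cleanup()

	if leaked, err := readYAMLUnsafe(repo, "values-prod.yaml"); err == nil {
		fmt.Printf("unsafe: symlinked secret read: %q\n", leaked)
	}
	if _, err := readYAMLSafe(repo, "values-prod.yaml"); err != nil {
		fmt.Println("safe:", err)
	}
	if data, err := readYAMLSafe(repo, "values.yaml"); err == nil {
		fmt.Printf("safe: in-bounds file read: %q\n", data)
	}
}
```

The resolve-then-open sequence has a window in which the link could be swapped; that matters only if the attacker can modify the checkout concurrently with the read. Where it does matter, the remaining options are opening with O_NOFOLLOW at each path component or rejecting symlinks outright when the repository is checked out.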