CVE-2022-39272

Published Oct 22, 2022

Last updated a year ago

CVSS medium 4.3

Overview

Description: Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields), causing the entire object type to stop being processed. This issue is patched in version 0.35.0. As a workaround, Admission controllers can be employed to restrict the values that can be used for fields `.spec.interval` and `.spec.timeout`, however upgrading to the latest versions is still the recommended mitigation.
Source: security-advisories@github.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-1284
security-advisories@github.com: CWE-1284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fluxcd:flux2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AA15FCA-BF23-4A33-B5A9-CF1505C01DE0",
            "versionEndExcluding": "0.35.0",
            "versionStartIncluding": "0.1.0"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:helm-controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93AE52F3-8925-4E23-A7ED-65CFB92ED9E2",
            "versionEndExcluding": "0.24.0",
            "versionStartIncluding": "0.0.2"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:helm-controller:0.0.1:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38162E9C-6889-4D29-82BF-D2C617F88F50"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:helm-controller:0.0.1:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5CE9371-54D5-458E-A946-8477944410F6"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:helm-controller:0.0.1:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B176EC42-7E4A-4062-8BC8-82193667439B"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:helm-controller:0.0.1:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "929AFCA0-4E79-45FD-89B6-F14805C0CA1E"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:helm-controller:0.0.1:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FC1DC45-EE36-4686-98AF-D3A69F766854"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:helm-controller:0.0.1:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "339DB8ED-0634-4D66-9899-475D103F535C"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:image-automation-controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E4844DA-E907-4B64-A26B-CED5711B13B8",
            "versionEndExcluding": "0.26.0",
            "versionStartIncluding": "0.1.0"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:image-reflector-controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19E335B1-AC15-475C-B47C-7F3847340F79",
            "versionEndExcluding": "0.22.0",
            "versionStartIncluding": "0.1.0"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:kustomize-controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "713AC396-2582-410E-9BFE-71E45F532FE1",
            "versionEndExcluding": "0.29.0",
            "versionStartIncluding": "0.0.2"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:kustomize-controller:0.0.1:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63A3589D-D348-4E8B-9DC2-80644036605A"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:kustomize-controller:0.0.1:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9D16141-22FF-4183-8FA0-9B92B9CA62B2"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:kustomize-controller:0.0.1:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADA62C3F-F192-41BC-BAD4-3B0F400F3F54"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:kustomize-controller:0.0.1:alpha4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B4165A5-17F9-4270-972D-AF1A0581841C"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:kustomize-controller:0.0.1:alpha5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "003F008D-3FC8-4D5D-AF86-BC4CFE14F0F4"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:kustomize-controller:0.0.1:alpha6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87BD8959-4DCC-4763-AA61-5FBB645A5981"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:kustomize-controller:0.0.1:alpha7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFB65A9C-8ABC-4759-BAC2-316CFA7E19A1"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:kustomize-controller:0.0.1:alpha8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E6ACF71-8B7B-4D52-B766-2D317F1F6F70"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:kustomize-controller:0.0.1:alpha9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3B8151F-102D-403B-BA6A-718913749FB4"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:kustomize-controller:0.0.1:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52096A03-1BBD-442A-8D96-2B8A452A8B31"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:kustomize-controller:0.0.1:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88284DA1-3D54-4430-B1B5-7D05AAF4913D"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:notification-controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0F26262-DD44-4FE4-9F47-CE40BFD1DCD3",
            "versionEndExcluding": "0.27.0",
            "versionStartIncluding": "0.0.2"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:notification-controller:0.0.1:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5635F7E7-C86E-49D6-AA18-8DCC25286978"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:notification-controller:0.0.1:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23DB3103-03EB-4985-B5A3-920BE262AB8D"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:notification-controller:0.0.1:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4C71093-D3A7-4F47-BEE5-4EED9C19C568"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:source-controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62DEB134-7AED-4EF4-AACB-59F0A4F1B778",
            "versionEndExcluding": "0.30.0",
            "versionStartIncluding": "0.0.2"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:source-controller:0.0.1:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58069EA3-088C-45B0-AFF3-4314C8409CC3"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:source-controller:0.0.1:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF8E4FA5-70F1-4705-B3C4-34E18AB9969F"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:source-controller:0.0.1:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E3B1CB6-A1DA-4811-B6AE-C83B2EC7748F"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:source-controller:0.0.1:alpha4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB5729D8-66B8-46BD-965E-463BAC5572CF"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:source-controller:0.0.1:alpha5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A04F6D7D-EDBB-441C-B622-6E75E55665D5"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:source-controller:0.0.1:alpha6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92C89BA6-2DD4-4A01-B688-007C1FB72E85"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:source-controller:0.0.1:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "871AD2C4-932F-4F70-914A-9D53569FF5E2"
          },
          {
            "criteria": "cpe:2.3:a:fluxcd:source-controller:0.0.1:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15A4025F-40CC-4605-A0FD-FA2AA0001332"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References