Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2022-39272
HistoryOct 22, 2022 - 12:15 a.m.

CVE-2022-39272

2022-10-2200:15:09
Alpine Linux Development Team
security.alpinelinux.org
1
flux
kubernetes
denial of service
dos
security vulnerability
version 0.35.0
admission controllers
patched

CVSS3

5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

AI Score

6.7

Confidence

Low

JSON

Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout (and structured variations of these fields), causing the entire object type to stop being processed. This issue is patched in version 0.35.0. As a workaround, Admission controllers can be employed to restrict the values that can be used for fields .spec.interval and .spec.timeout, however upgrading to the latest versions is still the recommended mitigation.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchflux< 0.36.0-r0UNKNOWN

Related

cgr 1
cve 1
nvd 1
cvelist 1
prion 1
osv 5
github 1
veracode 1
wolfi 1
cgr
cgr
CVE-2022-39272 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2022-39272
2022-10-22 00:15:09
nvd
nvd
CVE-2022-39272
2022-10-22 00:15:09
cvelist
cvelist
CVE-2022-39272 Flux2 vulnerable to Denial of Service due to Improper use of metav1.Duration
2022-10-21 00:00:00
prion
prion
Design/Logic Flaw
2022-10-22 00:15:00
osv
osv
CVE-2022-39272
2022-10-22 00:15:09
Denial of service in flux controllers in github.com/fluxcd modules
2022-10-28 16:07:05
BIT-kustomize-2022-39272
2024-03-06 10:55:08
github
github
Improper use of metav1.Duration allows for Denial of Service
2022-10-19 18:40:02
veracode
veracode
Denial Of Service (DoS)
2022-10-25 06:53:39
wolfi
wolfi
CVE-2022-39272 vulnerabilities
2024-09-30 09:32:54

CVSS3

5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

AI Score

6.7

Confidence

Low

JSON
Related for ALPINE:CVE-2022-39272
cgr1cve1nvd1cvelist1prion1osv5github1veracode1wolfi1