Lucene search
Veracode Vulnerability DatabaseVERACODE:38926HistoryJan 19, 2023 - 9:52 a.m.
Information Disclosure
2023-01-1909:52:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
github
weave-gitops
information disclosure
encryption
sensitive data
vulnerability
EPSS
0.001
Percentile
17.8%
github.com/weaveworks/weave-gitops is vulnerable to Information Disclosure. The vulnerability exists due to missing encryption of data in gitops run which allows an attacker to gain access to sensitive data.
References
github.com/weaveworks/weave-gitops/commit/babd91574b99b310b84aeec9f8f895bd18acb967
github.com/weaveworks/weave-gitops/commit/ce2bbff0a3609c33396050ed544a5a21f8d0797f
github.com/weaveworks/weave-gitops/pull/3098
github.com/weaveworks/weave-gitops/pull/3098/commits/babd91574b99b310b84aeec9f8f895bd18acb967
github.com/weaveworks/weave-gitops/pull/3106
github.com/weaveworks/weave-gitops/pull/3106/commits/ce2bbff0a3609c33396050ed544a5a21f8d0797f
github.com/weaveworks/weave-gitops/security/advisories/GHSA-89qm-wcmw-3mgg
Related
nvd
nvd
CVE-2022-23509
2023-01-09 14:15:09
cvelist
cvelist
CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication
2023-01-09 13:01:08
osv
osv
CVE-2022-23509
2023-01-09 14:15:09
Gitops Run insecure communication in github.com/weaveworks/weave-gitops
2024-08-20 20:25:58
Gitops Run insecure communication
2023-01-09 19:45:35
prion
prion
Design/Logic Flaw
2023-01-09 14:15:00
cve
cve
CVE-2022-23509
2023-01-09 14:15:09
github
github
Gitops Run insecure communication
2023-01-09 19:45:35