CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
Vulnerabilities for packages: flux-helm-controller, flux-source-controller, vexctl, k8sgpt, tkn, scorecard, istio-operator, chartmuseum, policy-controller, ko, neuvector-sigstore-interface, kyverno, docker-credential-gcr, neuvector, zot, cilium-cli, cri-tools, teleport, dagdotdev, docker-compose, aactl, traefik, helm, skopeo, trivy, apko, flux-image-reflector-controller, syft, paranoia, guac, k3d, tekton-pipelines, harbor-scanner-trivy, bom, prometheus, cosign, timoni, buildah, dagger, grafana-alloy, istio-pilot-discovery, k3s, neuvector-scanner, dive, kargo, datadog-agent, falcoctl, gatekeeper, gitsign, flux, vcluster, kpt, newrelic-infrastructure-agent, tekton-chains, helm-operator, helm-push, docker, rancher-fleet, istio-pilot-agent, harbor, nerdctl, telegraf, filebeat, gh, grype, kubescape, cadvisor, crossplane, loki, buf, zarf, kots, ctop, slsa-verifier, wolfictl, cert-manager-cmctl, eksctl, up, opentelemetry-collector-contrib, melange, goreleaser, k9s
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Wolfi | unknown | x86_64 | aactl | <= 0.4.12-r16 | aactl-0.4.12-r16.apk |
Wolfi | unknown | aarch64 | aactl | <= 0.4.12-r16 | aactl-0.4.12-r16.apk |
Wolfi | unknown | x86_64 | apko | <= 0.17.0-r1 | apko-0.17.0-r1.apk |
Wolfi | unknown | aarch64 | apko | <= 0.17.0-r1 | apko-0.17.0-r1.apk |
Wolfi | unknown | x86_64 | bom | <= 0.6.0-r8 | bom-0.6.0-r8.apk |
Wolfi | unknown | aarch64 | bom | <= 0.6.0-r8 | bom-0.6.0-r8.apk |
Wolfi | unknown | x86_64 | buf | <= 1.35.1-r1 | buf-1.35.1-r1.apk |
Wolfi | unknown | aarch64 | buf | <= 1.35.1-r1 | buf-1.35.1-r1.apk |
Wolfi | unknown | x86_64 | buildah | <= 1.37.0-r0 | buildah-1.37.0-r0.apk |
Wolfi | unknown | aarch64 | buildah | <= 1.37.0-r0 | buildah-1.37.0-r0.apk |