漏洞标题
不当的定制文件路径处理允许路径遍历
漏洞描述信息
kustomization文件中路径处理不当可能导致路径遍历漏洞。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Improper path handling in kustomization files allows path traversal
漏洞描述信息
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments. Workarounds include automated tooling in the user's CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
Flux2 路径遍历漏洞
漏洞描述信息
kustomize-controller是一个 Kubernetes 操作员,专门为使用 Kubernetes 清单定义并使用 Kustomize 组装的基础设施和工作负载运行持续交付管道。Flux2是云原生计算基金会(Cloud Native Computing Foundation)的一种使 Kubernetes 集群与配置源保持同步的工具。 kustomize-controller v0.24.0之前版本和Flux2 v0.29.0之前版本存在路径遍历漏洞,攻击者利用该漏洞可以使用内置功能和特制的功
CVSS信息
N/A
漏洞类别
路径遍历