CVE-2022-31098 Weave GitOps is a simple open source developer platform for cloud native applications.


and their service account tokens. An attacker could then use these credentials to either view sensitive configurations of a cluster, for example, the KubeConfig, or start a pod of a Weave application. The severity depends on the type and impact of the action taken by the attacker. An authenticated remote attacker could cause a denial of service (DoS) or potentially cause data exfiltration from the cluster, for example, by reading sensitive configurations from the KubeConfig, or start a pod of a Weave application. Furthermore, an attacker could also potentially exploit this vulnerability to start a pod of a Weave application. A remote attacker could potentially exploit this vulnerability to view sensitive configurations of a cluster, for example, the KubeConfig, or start a pod of a Weave application.

Affected Pods Weave

Cluster: master-2
KubeConfig:
$ kubectl get configmap -n weave --all-namespaces | grep weave.master.name
weave.master.name=master-2
