and static files. Flux CLI versions 1.3.0 through 1.4.0 are vulnerable to this issue. The severity of the flaw is rated Medium due to the fact that it can be exploited by attackers to deploy arbitrary code into the target Kubernetes cluster. The Flux CLI is a tool for constructing, managing, and maintaining Kubernetes clusters. It acts as a centralized service for configuration management and is used to control the flow of updates to a cluster. It also provides end-to-end encryption of configuration data.
Flux is a Kubernetes configuration management tool that provides automated updates for cluster deployments. It does not use Flux CLI versions 1.3.0 through 1.4.0 to provide this functionality and thus is not vulnerable to the CVE-2022-36035 flaw in these versions of the Flux CLI.
Published on: 08/31/2022 15:15:00 UTC
Last modified on: 09/08/2022 03:28:00 UTC