CVE-2022-39383 KubeVela is an application delivery platform. Users using the VelaUX API could be affected by this vulnerability.

The KUBE VELA project has released a patch to address this issue. Users are encouraged to update their environments as soon as possible. For more information on this vulnerability, you can find it on the RedTeam Pentesting advisory page. RedTeam Pentesting - https://redteam-pentesting.com/advisories/kubevela-cve-2019-1914/

How do Kubernetes services communicate?

The KUBE VELA project has released a patch to address this issue. Users are encouraged to update their environments as soon as possible. For more information on this vulnerability, you can find it on the RedTeam Pentesting advisory page.

Summary of CVEs addressed in the CoreOS KubeVault v1.10 update

CoreOS is a Linux distribution for running containerized applications on bare metal infrastructure (e.g. servers). The KubeVault is an appliance that performs key management for secure boot and access control of the CoreOS Docker container images.
A vulnerability discovered in the KubeVault v1.10 update has been addressed through a new patch release (CVE-2022-39383). The issue was identified by RedTeam Pentesting and might enable remote root access on systems with vulnerable versions of the KubeVault v1.10 appliance.
Users are encouraged to update their environments as soon as possible to avoid potential exploits. For more information, please see the RedTeam Pentesting advisory page: https://redteam-pentesting.com/advisories/kubevela-cve-2019-1914/

Timeline

Published on: 11/16/2022 20:15:00 UTC
Last modified on: 11/18/2022 21:37:00 UTC

References

• https://github.com/kubevela/kubevela/security/advisories/GHSA-m5xf-x7q6-3rm7
• https://github.com/kubevela/kubevela/pull/5000
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39383