apk package

chainguard/kubevela

pkg:apk/chainguard/kubevela

Vulnerabilities (63)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-39272	—	< 1.9.9-r0	1.9.9-r0	Oct 21, 2022	Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fi
CVE-2020-8559	—	< 1.10.2-r4	1.10.2-r4	Jul 22, 2020	The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
CVE-2020-8552	—	< 0	0	Mar 27, 2020	The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

CVE-2022-39272Oct 21, 2022
affected < 1.9.9-r0fixed 1.9.9-r0
Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fi
CVE-2020-8559Jul 22, 2020
affected < 1.10.2-r4fixed 1.10.2-r4
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
CVE-2020-8552Mar 27, 2020
affected < 0fixed 0
The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

Page 4 of 4