Go modules package
github.com/fluxcd/helm-controller
pkg:golang/github.com/fluxcd/helm-controller
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-39272 | — | | | >= 0.0.1-alpha-1, < 0.24.0 | 0.24.0 | Oct 21, 2022 | Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fi |
| CVE-2022-36049 | — | | | >= 0.0.4, < 0.23.0 | 0.23.0 | Sep 7, 2022 | Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found i |
| CVE-2022-24817 | — | | | >= 0.2.0, < 0.19.0 | 0.19.0 | May 6, 2022 | Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployment |