Bitnami/flux — 6 CVEs

CRITICAL9.9CVE-2022-24817Improper kubeconfig validation allows arbitrary code execution

>= 0.1.0, < 0.29.0

CRITICAL9.9CVE-2022-24877Improper path handling in kustomization files allows path traversal

from 0, < 0.29.0

HIGH7.7CVE-2022-36049Flux2 Helm Controller denial of service

>= 0.0.17, < 0.32.0

HIGH7.7Flux CLI Workload Injection

>= 0.21.0, < 0.32.0

HIGH7.7Improper path handling in Kustomization files allows for denial of service

from 0, < 0.29.0

MEDIUM5.0Flux2 vulnerable to Denial of Service due to Improper use of metav1.Duration

>= 0.1.0, < 0.35.0

pkg:Bitnami/flux