CVE-2022-39272

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-39272

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39272.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-39272

Aliases

Related

CGA-gvfg-4mjf-pf84

Published

2022-10-22T00:15:09Z

Modified

2024-10-12T10:05:42.934795Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout (and structured variations of these fields), causing the entire object type to stop being processed. This issue is patched in version 0.35.0. As a workaround, Admission controllers can be employed to restrict the values that can be used for fields .spec.interval and .spec.timeout, however upgrading to the latest versions is still the recommended mitigation.

References

Affected packages

Git / github.com/fluxcd/helm-controller

Affected ranges

Type: GIT
Repo: https://github.com/fluxcd/helm-controller
Events: Introduced

4379ef33a8d4a7ea969fa5e3142de001e6c1323c

Fixed

56e36da8c15fe4aef06d257c3295044e53874cab

Type: GIT
Repo: https://github.com/fluxcd/kustomize-controller
Events: Introduced

8e16bd4c926846959f7996648223d22ef29b6648

Fixed

367741b6221fa77fc0b623107f9ea6f8b16e3e5e

Type: GIT
Repo: https://github.com/fluxcd/notification-controller
Events: Introduced

a66409c52bcafc8deaa50401b42576c0e562eded

Fixed

8fb1e1dd7c0057bf3fda3074194d6fe1c76498eb

Type: GIT
Repo: https://github.com/fluxcd/source-controller
Events: Introduced

6966ac06aa105b94767926d3e9561a9dd4966a0e

Fixed

b30096e37d88f7b37684322d6aa2e86e420fe659

Affected versions

api/v0.*

api/v0.0.10

api/v0.0.11

api/v0.0.9

api/v0.1.0

api/v0.1.1

api/v0.1.2

api/v0.1.3

api/v0.10.0

api/v0.10.1

api/v0.11.0

api/v0.11.1

api/v0.11.2

api/v0.12.0

api/v0.12.1

api/v0.12.2

api/v0.13.0

api/v0.13.1

api/v0.13.2

api/v0.13.3

api/v0.14.0

api/v0.14.1

api/v0.15.0

api/v0.15.1

api/v0.15.2

api/v0.15.3

api/v0.15.4

api/v0.15.5

api/v0.16.0

api/v0.16.1

api/v0.17.0

api/v0.17.1

api/v0.17.2

api/v0.18.0

api/v0.18.1

api/v0.18.2

api/v0.19.0

api/v0.19.1

api/v0.19.2

api/v0.2.0

api/v0.2.1

api/v0.2.2

api/v0.2.3

api/v0.20.0

api/v0.20.1

api/v0.20.2

api/v0.21.0

api/v0.21.1

api/v0.21.2

api/v0.22.0

api/v0.22.1

api/v0.22.2

api/v0.22.3

api/v0.22.4

api/v0.22.5

api/v0.23.0

api/v0.23.1

api/v0.23.2

api/v0.23.3

api/v0.23.4

api/v0.23.5

api/v0.24.0

api/v0.24.1

api/v0.24.2

api/v0.24.3

api/v0.24.4

api/v0.25.0

api/v0.25.1

api/v0.25.2

api/v0.25.3

api/v0.25.4

api/v0.25.5

api/v0.25.6

api/v0.25.7

api/v0.25.8

api/v0.25.9

api/v0.26.0

api/v0.26.1

api/v0.26.2

api/v0.26.3

api/v0.27.0

api/v0.27.1

api/v0.28.0

api/v0.28.1

api/v0.29.0

api/v0.3.0

api/v0.30.0

api/v0.30.1

api/v0.31.0

api/v0.31.1

api/v0.31.2

api/v0.32.0

api/v0.32.1

api/v0.32.2

api/v0.33.0

api/v0.34.0

api/v0.34.1

api/v0.34.2

api/v0.4.0

api/v0.4.1

api/v0.4.2

api/v0.4.3

api/v0.4.4

api/v0.5.0

api/v0.5.1

api/v0.5.2

api/v0.5.3

api/v0.5.4

api/v0.5.5

api/v0.5.6

api/v0.6.0

api/v0.6.1

api/v0.6.2

api/v0.6.3

api/v0.7.0

api/v0.7.1

api/v0.7.2

api/v0.7.3

api/v0.7.4

api/v0.8.0

api/v0.8.1

api/v0.8.2

api/v0.9.0

api/v0.9.1

api/v0.9.2

api/v0.9.3

v0.*

v0.0.10

v0.0.11

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8

v0.0.9

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.10.0

v0.10.1

v0.11.0

v0.11.1

v0.11.2

v0.12.0

v0.12.1

v0.12.2

v0.13.0

v0.13.1

v0.13.2

v0.13.3

v0.14.0

v0.14.1

v0.15.0

v0.15.1

v0.15.2

v0.15.3

v0.15.4

v0.15.5

v0.16.0

v0.16.1

v0.17.0

v0.17.1

v0.17.2

v0.18.0

v0.18.1

v0.18.2

v0.19.0

v0.19.1

v0.19.2

v0.2.0

v0.2.1

v0.2.2

v0.20.0

v0.20.1

v0.20.2

v0.21.0

v0.21.1

v0.21.2

v0.22.0

v0.22.1

v0.22.2

v0.22.3

v0.22.4

v0.22.5

v0.23.0

v0.23.1

v0.23.2

v0.23.3

v0.23.4

v0.23.5

v0.24.0

v0.24.1

v0.24.2

v0.24.3

v0.24.4

v0.25.0

v0.25.1

v0.25.2

v0.25.3

v0.25.4

v0.25.5

v0.25.6

v0.25.7

v0.25.8

v0.25.9

v0.26.0

v0.26.1

v0.26.2

v0.26.3

v0.27.0

v0.27.1

v0.28.0

v0.28.1

v0.29.0

v0.3.0

v0.30.0

v0.30.1

v0.31.0

v0.31.1

v0.31.2

v0.32.0

v0.32.1

v0.32.2

v0.33.0

v0.34.0

v0.34.1

v0.34.2

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.8.0

v0.8.1

v0.8.2

v0.9.0

v0.9.1

v0.9.2

v0.9.3