CVE-2022-23509 : Weave GitOps is a simple open source developer platform for people who want clou

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local S3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information permitting access to the s3 bucket. From that point, it would be possible to alter the bucket content, resulting in changes in the Kubernetes cluster's resources. There are no known workaround(s) for this vulnerability. This vulnerability has been fixed by commits ce2bbff and babd915. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022.

Published 2023-01-09 14:15:10

Updated 2023-06-27 15:13:31

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2022-23509

Weave » Weave Gitops
Versions before (<) 0.12.0
cpe:2.3:a:weave:weave_gitops:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-23509

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 1 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-23509

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N	0.8	5.2	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None
7.3	HIGH	CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H	0.7	6.0	GitHub, Inc.
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: High User Interaction: Required Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-23509

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: security-advisories@github.com (Secondary)
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-23509

https://github.com/weaveworks/weave-gitops/pull/3106/commits/ce2bbff0a3609c33396050ed544a5a21f8d0797f

use HTTPS in `gitops run` S3 bucket server by makkes · Pull Request #3106 · weaveworks/weave-gitops · GitHub
Patch;Third Party Advisory
https://github.com/weaveworks/weave-gitops/pull/3098/commits/babd91574b99b310b84aeec9f8f895bd18acb967

Add HTTPS support to bucket server by makkes · Pull Request #3098 · weaveworks/weave-gitops · GitHub
Patch;Third Party Advisory
https://github.com/weaveworks/weave-gitops/security/advisories/GHSA-89qm-wcmw-3mgg

Gitops Run insecure communication · Advisory · weaveworks/weave-gitops · GitHub
Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-23509

Products affected by CVE-2022-23509

Exploit prediction scoring system (EPSS) score for CVE-2022-23509

CVSS scores for CVE-2022-23509

CWE ids for CVE-2022-23509

References for CVE-2022-23509