Garden-Io Garden vulnerabilities
2 known vulnerabilities affecting garden-io/garden.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 2
Vulnerabilities
CVE-2022-24829 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | fixed in 0.12.39 | 2022-04-11
Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an attacker to gain access to the application erroneously. The configuration is leaked through the /api endpoint on the local server that is responsible for
nvd
CVE-2023-44392 | P3 | CRITICAL | CVSS 9.0 | CWE-94 | fixed in 0.12.65 | versions >= 0.13.0, < 0.13.17 | 2023-10-09
Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the Kubernetes `ConfigMap` resources prefixed with `test-res
nvd