github.com/fluxcd/helm-controller vulnerabilities

3 known vulnerabilities affecting github.com/fluxcd/helm-controller.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1

Vulnerabilities

CVE-2022-39272 | MEDIUM | ≥ 0.0.1-alpha-1, < 0.24.0 | 2022-10-19
CVE-2022-39272 [MEDIUM] CWE-20 Improper use of metav1.Duration allows for Denial of Service. Flux controllers within the affected versions range are vulnerable to a denial of service attack. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields), causing the entire
Sources: GHSA, OSV

CVE-2022-36049 | HIGH | ≥ 0.0.4, < 0.23.0 | 2022-09-16
CVE-2022-36049 [HIGH] CWE-400 Helm Controller denial of service. Helm controller is tightly integrated with the Helm SDK. [A vulnerability](https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh) found in the Helm SDK allows for specific data inputs to cause high memory consumption, which in some platforms could cause the controller to panic and stop processing reconciliations. ### Impact In a shared cluster multi-tenancy environment, a tenant cou
Sources: GHSA, OSV

CVE-2022-24817 | CRITICAL | ≥ 0.2.0, < 0.19.0 | 2022-05-16
CVE-2022-24817 [CRITICAL] CWE-94 Improper kubeconfig validation allows arbitrary code execution. Flux2 can reconcile the state of a remote cluster when provided with a [kubeconfig](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#file-references) with the correct access rights. `Kubeconfig` files can define [commands](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-g
Sources: GHSA, OSV