Weaveworks Weave-Gitops vulnerabilities
3 known vulnerabilities affecting weaveworks/weave-gitops.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2022-23508 | HIGH | CVSS 7.8 | CWE-284 | ≤ 0.11.0 | 2023-01-09
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a
nvd
CVE-2022-23509 | MEDIUM | CVSS 6.0 | CWE-200 | ≤ 0.11.0 | 2023-01-09
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local S3 bucket is not encrypted. This al
nvd
CVE-2022-31098 | HIGH | CVSS 7.5 | CWE-532 | fixed in 0.8.1-rc.6 | 2022-06-27
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of registered Kubernetes clusters, including the service accoun
nvd