Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-39383

KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. Users who're using v1.6, please update the v1.6.1. Users who're using v1.5, please update the v1.5.8. There are no known workarounds for this issue.

Published

2022-11-16T20:15:10.437

Last Modified

2024-11-21T07:18:10.910

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-918
Type: Primary
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	linuxfoundation	kubevela	< 1.5.9	Yes
Application	linuxfoundation	kubevela	< 1.6.2	Yes

References

https://github.com/kubevela/kubevela/pull/5000 Patch, Third Party Advisory ([email protected])
https://github.com/kubevela/kubevela/security/advisories/GHSA-m5xf-x7q6-3rm7 Third Party Advisory ([email protected])
https://github.com/kubevela/kubevela/pull/5000 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/kubevela/kubevela/security/advisories/GHSA-m5xf-x7q6-3rm7 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)