Information Exposure Affecting github.com/weaveworks/weave-gitops package, versions <0.8.1-rc.6
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
High
Threat Intelligence
EPSS
0.16% (52nd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMWEAVEWORKSWEAVEGITOPS-2934975
- published 24 Jun 2022
- disclosed 23 Jun 2022
- credit Stefan Prodan
Introduced: 23 Jun 2022
CVE-2022-31098 Open this link in a new tabHow to fix?
Upgrade github.com/weaveworks/weave-gitops
to version 0.8.1-rc.6 or higher.
Overview
github.com/weaveworks/weave-gitops is a developer platform for people who want cloud native applications, without needing Kubernetes expertise.
Affected versions of this package are vulnerable to Information Exposure. It leaked cluster credentials into logs on connection errors.