Vulnerabilities > Weave

DATE CVE VULNERABILITY TITLE RISK
2023-07-14 CVE-2023-34236 Information Exposure vulnerability in Weave Gitops Terraform Controller 0.15.0
Weave GitOps Terraform Controller (aka Weave TF-controller) is a controller for Flux to reconcile Terraform resources in a GitOps way.
network
low complexity
weave CWE-200
6.5
2023-01-09 CVE-2022-23509 Cleartext Transmission of Sensitive Information vulnerability in Weave Gitops
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise.
local
low complexity
weave CWE-319
6.0
2023-01-09 CVE-2022-23508 Files or Directories Accessible to External Parties vulnerability in Weave Gitops
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise.
local
low complexity
weave CWE-552
7.8
2022-06-27 CVE-2022-31098 Information Exposure Through Log Files vulnerability in Weave Gitops
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise.
network
weave CWE-532
4.3
2021-01-20 CVE-2020-26278 Execution with Unnecessary Privileges vulnerability in Weave
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery.
7.9
2020-12-15 CVE-2020-35464 Missing Authentication for Critical Function vulnerability in Weave Cloud Agent 1.3.0
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user.
network
low complexity
weave CWE-306
critical
10.0
2020-06-03 CVE-2020-11091 Reliance on Reverse DNS Resolution for a Security-Critical Action vulnerability in Weave NET
In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service.
network
weave CWE-350
3.5