Vulnerabilities > Weave
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-14 | CVE-2023-34236 | Information Exposure vulnerability in Weave Gitops Terraform Controller 0.15.0 Weave GitOps Terraform Controller (aka Weave TF-controller) is a controller for Flux to reconcile Terraform resources in a GitOps way. | 6.5 |
| 2023-01-09 | CVE-2022-23509 | Cleartext Transmission of Sensitive Information vulnerability in Weave Gitops Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. | 6.0 |
| 2023-01-09 | CVE-2022-23508 | Files or Directories Accessible to External Parties vulnerability in Weave Gitops Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. | 7.8 |
| 2022-08-18 | CVE-2022-35976 | Unspecified vulnerability in Weave Gitops Tools The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters. | 9.8 |
| 2022-08-18 | CVE-2022-35975 | Unspecified vulnerability in Weave Gitops Tools The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. | 9.8 |
| 2022-06-27 | CVE-2022-31098 | Information Exposure Through Log Files vulnerability in Weave Gitops Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. | 7.5 |
| 2021-01-20 | CVE-2020-26278 | Execution with Unnecessary Privileges vulnerability in Weave Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. | 8.0 |
| 2020-12-15 | CVE-2020-35464 | Missing Authentication for Critical Function vulnerability in Weave Cloud Agent 1.3.0 Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. | 9.8 |
| 2020-06-03 | CVE-2020-11091 | Reliance on Reverse DNS Resolution for a Security-Critical Action vulnerability in Weave NET In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. | 5.8 |