CVE-2022-38790
N/A
N/A
Summary
Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.weave.works/product/gitops-enterprise/
- https://docs.gitops.weave.works/docs/intro
- https://docs.gitops.weave.works/docs/cluster-management/getting-started/#profiles-and-clusters
- https://docs.gitops.weave.works/security/cve/enterprise/CVE-2022-38790/index.html
References
- https://www.weave.works/product/gitops-enterprise/
- https://docs.gitops.weave.works/docs/intro
- https://docs.gitops.weave.works/docs/cluster-management/getting-started/#profiles-and-clusters
- https://docs.gitops.weave.works/security/cve/enterprise/CVE-2022-38790/index.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.