{"vulnerability": "CVE-2022-39272", "sightings": [{"uuid": "4fa42270-05fd-445e-a483-22204e31af64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39272", "type": "seen", "source": "https://t.me/cibsecurity/51955", "content": "\u203c CVE-2022-39272 \u203c\n\nFlux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux\u2019s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields), causing the entire object type to stop being processed. This issue is patched in version 0.35.0. As a workaround, Admission controllers can be employed to restrict the values that can be used for fields `.spec.interval` and `.spec.timeout`, however upgrading to the latest versions is still the recommended mitigation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T06:07:26.000000Z"}]}