CVE-2022-39272 (flux2, helm-controller, image-automation-controller, image-reflector-controller, kustomize-controller, notification-controller, source-controller)
Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields),…