How severe is CVE-2022-41939?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2022-41939?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2022-41939 - HIGH Severity | CVSS 7.4

Vulnerability Description

knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issues has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack.

Related Vulnerabilities

CVE-2016-2084

HIGH

CVSS:7.4(High)

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6...

CWE-2002016

CVE-2016-3664

HIGH

CVSS:7.4(High)

Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obta...

CWE-2002016

CVE-2016-8495

HIGH

CVSS:7.4(High)

An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MIT...

CWE-2002016

CVE-2017-14709

HIGH

CVSS:7.4(High)

The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-...

CWE-2002017

CVE-2017-7520

HIGH

CVSS:7.4(High)

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

CWE-2002017

CVE-2019-5880

HIGH

CVSS:7.4(High)

Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-2002019