← Back to CVE List

CVE-2022-41939

Published: 2022-11-19T01:15Z
Last Modified: 2024-11-21T07:24Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issues has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt