Vulnerability Details CVE-2022-41939
knative.dev/func is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local Docker socket to a malicious `lifecycle` container. This issue has been patched in PR #1442, and the fix is part of release 1.8.1. This issue only affects users who are using function buildpacks from third parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.6%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2022-41939
- cpe:2.3:a:linuxfoundation:knative_func:-
- cpe:2.3:a:linuxfoundation:knative_func:0.0.16
- cpe:2.3:a:linuxfoundation:knative_func:0.0.17
- cpe:2.3:a:linuxfoundation:knative_func:0.0.18
- cpe:2.3:a:linuxfoundation:knative_func:0.0.19
- cpe:2.3:a:linuxfoundation:knative_func:0.1.0
- cpe:2.3:a:linuxfoundation:knative_func:0.10.0
- cpe:2.3:a:linuxfoundation:knative_func:0.11.0
- cpe:2.3:a:linuxfoundation:knative_func:0.12.0
- cpe:2.3:a:linuxfoundation:knative_func:0.12.1
- cpe:2.3:a:linuxfoundation:knative_func:0.13.0
- cpe:2.3:a:linuxfoundation:knative_func:0.14.0
- cpe:2.3:a:linuxfoundation:knative_func:0.15.0
- cpe:2.3:a:linuxfoundation:knative_func:0.15.1
- cpe:2.3:a:linuxfoundation:knative_func:0.16.0
- cpe:2.3:a:linuxfoundation:knative_func:0.17.0
- cpe:2.3:a:linuxfoundation:knative_func:0.17.1
- cpe:2.3:a:linuxfoundation:knative_func:0.18.0
- cpe:2.3:a:linuxfoundation:knative_func:0.19.0
- cpe:2.3:a:linuxfoundation:knative_func:0.2.0
- cpe:2.3:a:linuxfoundation:knative_func:0.2.1
- cpe:2.3:a:linuxfoundation:knative_func:0.2.2
- cpe:2.3:a:linuxfoundation:knative_func:0.20.0
- cpe:2.3:a:linuxfoundation:knative_func:0.21.0
- cpe:2.3:a:linuxfoundation:knative_func:0.21.1
- cpe:2.3:a:linuxfoundation:knative_func:0.21.2
- cpe:2.3:a:linuxfoundation:knative_func:0.22.0
- cpe:2.3:a:linuxfoundation:knative_func:0.22.1
- cpe:2.3:a:linuxfoundation:knative_func:0.23.0
- cpe:2.3:a:linuxfoundation:knative_func:0.23.1
- cpe:2.3:a:linuxfoundation:knative_func:0.24.0
- cpe:2.3:a:linuxfoundation:knative_func:0.25.0
- cpe:2.3:a:linuxfoundation:knative_func:0.25.1
- cpe:2.3:a:linuxfoundation:knative_func:0.26.0
- cpe:2.3:a:linuxfoundation:knative_func:0.3.0
- cpe:2.3:a:linuxfoundation:knative_func:0.34.0
- cpe:2.3:a:linuxfoundation:knative_func:0.34.1
- cpe:2.3:a:linuxfoundation:knative_func:0.35.0
- cpe:2.3:a:linuxfoundation:knative_func:0.35.1
- cpe:2.3:a:linuxfoundation:knative_func:0.4.0
- cpe:2.3:a:linuxfoundation:knative_func:0.5.0
- cpe:2.3:a:linuxfoundation:knative_func:0.6.0
- cpe:2.3:a:linuxfoundation:knative_func:0.6.1
- cpe:2.3:a:linuxfoundation:knative_func:0.6.2
- cpe:2.3:a:linuxfoundation:knative_func:0.7.0
- cpe:2.3:a:linuxfoundation:knative_func:0.8.0
- cpe:2.3:a:linuxfoundation:knative_func:0.9.0
- cpe:2.3:a:linuxfoundation:knative_func:1.7.0
- cpe:2.3:a:linuxfoundation:knative_func:1.7.1
- cpe:2.3:a:linuxfoundation:knative_func:1.7.1.0
- cpe:2.3:a:linuxfoundation:knative_func:1.8.0