cvedb.io
CVE-2022-38790
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2022-09-01T13:15:09.070 · Last modified 2026-06-17T04:57:10.673

Summary

Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug that allows a malicious user to inject a javascript: link in the UI. When a victim user clicks the link, the script executes with the victim's permissions. The exposure appears in the Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource.

Affected products

weave.works — gitops

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.