PT-2022-24943 · Kubevela · Kubevela

Wangyikewxgm · Published 2022-11-16 · Updated 2022-12-07 · CVE-2022-39383

CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: KubeVela versions 1.5 through 1.5.7; KubeVela versions 1.6 through 1.6.0.

Description: KubeVela is an open source application delivery platform. Users of the VelaUX APIServer could be affected by this issue. When Helm Chart is used as the component delivery method, the request address of the chart repository ("warehouse") is not restricted, which results in a blind SSRF vulnerability: the APIServer can be made to issue requests to an arbitrary address, although the response is not returned to the requester.

Recommendations: For versions 1.5 through 1.5.7, update to version 1.5.8 or later. For versions 1.6 through 1.6.0, update to version 1.6.1 or later. As a temporary workaround, consider restricting the request address of the chart repository when using Helm Chart as the component delivery method until a patch is applied.

Weakness Enumeration

SSRF

Related Identifiers

CVE-2022-39383
GHSA-M5XF-X7Q6-3RM7
GO-2022-1113

Affected Products

Kubevela