CVE-2022-35975

Name: CVE-2022-35975
Creator: NVD / NIST
Published: 2022-08-18T18:15:08.25+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.10%

Last modified Jun 17, 2026

CVE-2022-35975 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode. EPSS estimates a 1.10% chance of exploitation in the next 30 days.

Description

The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode. Users using the VSCode extension to manage clusters that are shared amongst other users are affected by this issue. The only safe mitigation is to update to the latest version of the extension.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.10%

61.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions
Weave	Gitops Tools	>= 0.7.0, <= 0.20.2

References

https://github.com/weaveworks/vscode-gitops-tools/security/advisories/GHSA-873x-829r-gxcpThird Party Advisory
https://github.com/weaveworks/vscode-gitops-tools/security/advisories/GHSA-873x-829r-gxcpThird Party Advisory

Timeline

Published: Aug 18, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-35975?

How severe is CVE-2022-35975?

CVE-2022-35975 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.10% probability of exploitation in the next 30 days.

How do I fix CVE-2022-35975?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-35975?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST