Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

High vulnerabilities #1669

Closed
jchipmunk opened this issue Aug 5, 2022 · 2 comments
Closed

High vulnerabilities #1669

jchipmunk opened this issue Aug 5, 2022 · 2 comments
Assignees
@Rasek91
Projects
Bank-Vaults

Comments

@jchipmunk
Copy link

Describe the bug:
I found some high vulnerabilities in vault-env Docker image for version 1.15.3:

Severity VulnerabilityID Package Name Package Version Fixed Versions
High CVE-2021-43565 golang.org/x/crypto 0.0.0-20210817164053-32db794688a5 ["0.0.0-20211202192323-5770296d904e"]
High CVE-2022-27191 golang.org/x/crypto 0.0.0-20210817164053-32db794688a5 ["0.0.0-20220314234659-1baeb1ce4c0b"]
High CVE-2022-30065 busybox 1.35.0-r13 ["1.35.0-r15"]

/kind bug
@defesteban
Copy link

Hello!

The new vault-env version (1.16.0) has a new vulnerability related to Go

Severity VulnerabilityID Package Name Package Version Fixed Versions
High CVE-2022-27664 github.com/golang/go 1.19 ["1.18.6", "1.19.1"]

@bonifaido bonifaido added this to To do in Bank-Vaults via automation Oct 26, 2022
@Rasek91 Rasek91 self-assigned this Oct 27, 2022
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Jan 21, 2024
@ramizpolic ramizpolic removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Jan 22, 2024
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Mar 24, 2024
@csatib02 csatib02 removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Mar 24, 2024
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label May 26, 2024
@csatib02 csatib02 removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label May 26, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot May 26, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot May 26, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot May 26, 2024
@csatib02
Copy link
Member

Closing: These packages are constantly updated, in both Vault-Env and Secret-Init, The mentioned vulnerabilities have been updated.

Bank-Vaults automation moved this from To do to Done May 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Rasek91 Rasek91

Labels
None yet
Projects
Bank-Vaults
  
Done
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jchipmunk @defesteban @ramizpolic @Rasek91 @csatib02