Azure / secrets-store-csi-driver-provider-azure

Azure Key Vault provider for Secret Store CSI driver allows you to get secret contents stored in Azure Key Vault instance and use the Secret Store CSI driver interface to mount them into Kubernetes pods.
https://azure.github.io/secrets-store-csi-driver-provider-azure/
MIT License

Usage of an outdated telegraf 1.21 version #1543

Closed siprbaum closed 4 months ago

siprbaum commented 5 months ago

You are using quite an old version of telegraf (version 1.21), see https://github.com/Azure/secrets-store-csi-driver-provider-azure/blob/6dce6a9d51401ab8f11cf10f8b64d06c700eb481/charts/csi-secrets-store-provider-azure/templates/arc-monitoring.yaml#L86C19-L86C79

This shows up for us in security monitoring with CVE-2021-3999 for glibc.

Nevertheless, it seems that upstream is not even maintaining the Docker container for 1.21 anymore, as even the Dockerfile was removed in https://github.com/influxdata/influxdata-docker/commit/4ad7a32b90eae8c71a5d685050837c850cf4f365 on 2022-09-12.

Please be so kind as to provide an updated version which uses maintained software, staying up to date on security issues.

docker scout output: image

So even a simple update of the base image would reduce the critical findings.

github-actions[bot] commented 5 months ago

This issue is stale because it has been open 14 days with no activity. Please comment or this will be closed in 7 days.

github-actions[bot] commented 4 months ago

This issue is stale because it has been open 14 days with no activity. Please comment or this will be closed in 7 days.

github-actions[bot] commented 4 months ago

This issue was closed because it has been stalled for 21 days with no activity. Feel free to re-open if you are experiencing the issue again.