Azure / secrets-store-csi-driver-provider-azure

Azure Key Vault provider for Secret Store CSI driver allows you to get secret contents stored in Azure Key Vault instance and use the Secret Store CSI driver interface to mount them into Kubernetes pods.
https://azure.github.io/secrets-store-csi-driver-provider-azure/
MIT License
437 stars 193 forks source link

CVE-2024-24790 in Kubernetes CSI images #1634

Closed sdx-jkataja closed 1 week ago

sdx-jkataja commented 2 months ago

What steps did you take and what happened: Image vulnerability scan

What did you expect to happen: Please update Kubernetes CSI images to patch CVE-2024-24790 vulnerability in Go, once available The following images are affected:

The images are also based on Debian 11 which is at end of regular life. Newer Kubernetes CSI images are based on Debian 12.

Anything else you would like to add: The next released versions should contain the patches

sdx-jkataja commented 2 months ago

Fix versions are now available:

github-actions[bot] commented 1 week ago

This issue is stale because it has been open 14 days with no activity. Please comment or this will be closed in 7 days.

sdx-jkataja commented 1 week ago

Fixed in the current chart images