IBM / portieris

A Kubernetes Admission Controller for verifying image trust.
Apache License 2.0

A new Security vulnerability: CVE-2023-0286 found in icr.io/portieris/portieris:v0.13.3 image #435

Closed Sachpat closed 1 year ago

Sachpat commented 1 year ago

Hi,

Our security scans (Whitesource/Mend) found a High vulnerability for Portieris v0.13.3 image.

Component: openssl-libs-1.1.1k-7.el8_6.x86_64.rpm

Vulnerability: (High) https://nvd.nist.gov/vuln/detail/CVE-2023-0286

The fix seems to be available in openssl-3.0.8 and OpenSSL_1_1_1t. Perhaps updating to 1.1.1t seems to be an easy fix.

Can you address this as soon as possible? :)

Kind regards, Sachin

sjhx commented 1 year ago

Thanks Sachin, actually I am already working on it: https://github.com/IBM/portieris/pull/434. I hope to release later today.

sjhx commented 1 year ago

released https://github.com/IBM/portieris/releases/tag/v0.13.4

Sachpat commented 1 year ago

> released https://github.com/IBM/portieris/releases/tag/v0.13.4
>
> Thanks Sachin, actually I am already working on it #434 I hope to release later today.

Thanks for the quick fix @sjhx