0.13.1 rbac-proxy has 5 critical CVEs - Githubissues

dragonflydb / dragonfly-operator

A Kubernetes operator to install and manage Dragonfly instances.

https://www.dragonflydb.io/docs/managing-dragonfly/operator/installation

Apache License 2.0

118 stars 24 forks source link

0.13.1 rbac-proxy has 5 critical CVEs #183

Closed trashhalo closed 1 month ago

trashhalo commented 1 month ago

https://github.com/dragonflydb/dragonfly-operator/blob/4fb96d79be8c90fe7ca736c65ca4700df425f789/config/default/manager_auth_proxy_patch.yaml#L34

Screenshot 2024-05-15 at 8 35 05 PM

current release is 0.17.1 https://github.com/brancz/kube-rbac-proxy/releases

trashhalo commented 1 month ago

https://security-tracker.debian.org/tracker/CVE-2023-24538 https://security-tracker.debian.org/tracker/CVE-2023-24540 https://security-tracker.debian.org/tracker/CVE-2023-29402 https://security-tracker.debian.org/tracker/CVE-2023-29404 https://security-tracker.debian.org/tracker/CVE-2023-29405