Incorrect CVE link in Ingress ALB change log

ibm-cloud-docs / containers

IBM Bluemix Container Service documentation

https://console.bluemix.net/docs/containers/container_index.html

48 stars 122 forks source link

Incorrect CVE link in Ingress ALB change log #2646

Closed nfutami closed 2 years ago

nfutami commented 2 years ago

In Ingress ALB change log for 1.2.1 (https://cloud.ibm.com/docs/containers?topic=containers-cluster-add-ons-changelog#1_2_1), the link to CVE-2022-3209 of the latest release "Version 1.2.1_2506_iks (default), released 25 August 2022" seems incorrect as it shows the following error.

ERROR: Couldn't find 'CVE-2022-3209'

Please correct the link.

mtreible-ibm commented 2 years ago

Hi @nfutami. I talked to the developer who provided that change log and they said the CVE number is correct, but we aren't sure why it's not picked up by MITRE. For now, however, you can view the info at the IBM X-force Exchange here: https://exchange.xforce.ibmcloud.com/vulnerabilities/234492

Thank you.

attritionorg commented 2 years ago

There is a Libxml vuln assigned 2022-2309 which may be what was intended.

mtreible-ibm commented 2 years ago

@attritionorg Thank you for the info. I brought this up with the developer and we both think this is a separate vulnerability, as it also exists in the IBM X-force Exchange (https://exchange.xforce.ibmcloud.com/vulnerabilities/230470).

I'm going to close this issue for now and will continue to monitor the CVE website to see if the info becomes available. Thanks again.

attritionorg commented 2 years ago

Appreciate the follow up!