kiwigrid / k8s-sidecar

This is a docker container intended to run inside a kubernetes cluster to collect config maps with a specified label and store the included files in a local folder.
MIT License
613 stars 183 forks

kiwigrid/k8s-sidecar:1.22.3 affected with CVE-2023-0286 #260

Closed blafry closed 1 year ago

blafry commented 1 year ago

Hi. Latest version of k8s-sidecar has openssl vulnerabilities. Version v1.22.3 uses Alpine Linux 3.16.3, fixed version is available in 3.16.4.

Can you upgrade the base image version?

Thanks

jekkel commented 1 year ago

I'd expect dependabot to propose that, which did not yet happen. Is there an updated base image available?

blafry commented 1 year ago

I scanned again, had a typo in tag. The latest version is not vulnerable. Sorry for the confusion