kiwigrid / k8s-sidecar

This is a Docker container intended to run inside a Kubernetes cluster to collect ConfigMaps with a specified label and store the included files in a local folder.
MIT License

Please take cognisance of CVE-2023-29491 and provide a fix in quay.io/jaegertracing/jaeger-operator, quay.io/k8s-sidecar and quay.io/kiali/kiali-operator #312

Open shrikant-rajappan opened 8 months ago

shrikant-rajappan commented 8 months ago

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29491

ChristianGeie commented 5 months ago

@shrikant-rajappan thanks for the report.

Do you have a way I can understand / reproduce the issue? My scan of the latest version k8s-sidecar:1.25.6 using trivy:latest shows no affected CVE.
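The two posts above disagree on whether the image carries this CVE, and the quickest way to settle that is to look at a scanner report rather than at the CVE text alone. The script below is an added example, not code from the k8s-sidecar project or from either commenter: it filters a Trivy JSON report for a given CVE id and, for ncurses packages, compares the installed version against the upstream threshold named in the CVE description (anything before 6.4 20230408 is affected). The embedded report is constructed to match Trivy's JSON layout and is not a real scan of k8s-sidecar:1.25.6; the package and fixed-version values in it are assumptions for illustration.

```python
"""Check a Trivy JSON report, and an ncurses version string, against CVE-2023-29491.

Added example; not part of the k8s-sidecar project. The sample report below is
constructed to follow Trivy's JSON output shape and does not reflect a real scan.
"""
import json
import re
import sys
from typing import Optional

# From the CVE text: "ncurses before 6.4 20230408" is affected, so this exact
# upstream version (and anything newer) is fixed.
FIXED_UPSTREAM = (6, 4, 20230408)

# Constructed sample in Trivy's JSON report layout (assumed values, not a real result).
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "k8s-sidecar:1.25.6",
    "Results": [
        {
            "Target": "k8s-sidecar:1.25.6 (alpine)",
            "Class": "os-pkgs",
            "Type": "alpine",
            "Vulnerabilities": [
                {
                    "VulnerabilityID": "CVE-2023-29491",
                    "PkgName": "ncurses-libs",
                    "InstalledVersion": "6.3_p20221119-r0",
                    "FixedVersion": "6.4_p20230506-r0",
                    "Severity": "HIGH",
                },
            ],
        },
        # Trivy omits "Vulnerabilities" entirely for targets with no findings.
        {"Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg"},
    ],
})

# Constructed report with no findings at all, as a scanner would emit for a clean image.
CLEAN_REPORT = json.dumps({
    "ArtifactName": "k8s-sidecar:1.25.6",
    "Results": [{"Target": "k8s-sidecar:1.25.6 (alpine)", "Class": "os-pkgs", "Type": "alpine"}],
})


def parse_ncurses_version(version: str) -> Optional[tuple]:
    """Return (major, minor, patchdate) for versions that carry the upstream patch date.

    Accepts upstream "6.4.20230408", Alpine "6.4_p20230506-r0" and Debian-style
    "6.4+20240113-1". Returns None when no patch date is present (e.g. "6.4-4"):
    a distro may have backported the fix, so the upstream threshold cannot be applied.
    """
    m = re.match(r"^(\d+)\.(\d+)[._+]p?(\d{8})", version)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def upstream_affected(version: str) -> Optional[bool]:
    """True/False against the CVE's upstream threshold, None when undecidable."""
    parsed = parse_ncurses_version(version)
    if parsed is None:
        return None
    return parsed < FIXED_UPSTREAM


def findings_for(report_json: str, cve_id: str) -> list:
    """Collect every finding for cve_id across all targets in a Trivy JSON report."""
    report = json.loads(report_json)
    hits = []
    for result in report.get("Results", []):
        # "Vulnerabilities" may be absent or null; treat both as empty.
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("VulnerabilityID") != cve_id:
                continue
            installed = vuln.get("InstalledVersion", "")
            hits.append({
                "target": result.get("Target"),
                "package": vuln.get("PkgName"),
                "installed": installed,
                "fixed": vuln.get("FixedVersion"),
                "severity": vuln.get("Severity"),
                # Only meaningful for ncurses packages; None means "trust the scanner feed".
                "upstream_affected": upstream_affected(installed),
            })
    return hits


if __name__ == "__main__":
    # Usage: python check_cve.py [report.json]; falls back to the constructed sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    for hit in findings_for(data, "CVE-2023-29491"):
        print(hit)
```

A report for the real image can be produced with `trivy image --format json --output report.json <image>` and fed to the script; an empty result, as the maintainer describes for 1.25.6, means the scanner's distro advisory feed does not list the package as affected. Two caveats matter when reading the output: the version check here only applies to upstream-dated version strings, since distributions backport fixes without bumping the upstream date, and the CVE itself is only exploitable through a setuid application that loads ncurses, so the presence of the library in a non-root container image is a weaker finding than the severity label suggests.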