kiwigrid / k8s-sidecar

This is a docker container intended to run inside a kubernetes cluster to collect config maps with a specified label and store the included files in a local folder.
MIT License

Please take cognisance of CVE-2023-29491 and provide a fix in quay.io/jaegertracing/jaeger-operator, quay.io/k8s-sidecar and quay.io/kiali/kiali-operator #312

Open shrikant-rajappan opened 1 year ago

shrikant-rajappan commented 1 year ago

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29491

ChristianGeie commented 9 months ago

@shrikant-rajappan thanks for the report.

Do you have a way I can understand / reproduce the issue? My scan of the latest version k8s-sidecar:1.25.6 using trivy:latest shows no affected CVE.

github-actions[bot] commented 2 months ago

This issue has been automatically marked as stale because it has not had any activity in the last 60 days. Thank you for your contributions.