Open martidelviscovo opened 1 month ago
This issue is currently awaiting triage.
If kube-state-metrics contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
There is a need for triaging here due to the critical vulnerability in kube-state-metrics.
CVE-2023-45288 vulnerability found in golang.org/x/net version 0.23.0.
After running a Trivy scan on kube-state-metrics v2.12.0, this CVE persisted.
This is fixed in https://github.com/kubernetes/kube-state-metrics/pull/2385. Another release needs to be declared with this fixed.