kubernetes / kube-state-metrics

Add-on agent to generate and expose cluster-level metrics.
https://kubernetes.io/docs/concepts/cluster-administration/kube-state-metrics/
Apache License 2.0
5.2k stars 1.92k forks

CVE-2023-45288 in golang.org/x/net #2393

Open martidelviscovo opened 1 month ago

martidelviscovo commented 1 month ago

CVE-2023-45288 vulnerability found in golang.org/x/net version 0.23.0.

After running a trivy scan on kube-state-metrics v2.12.0 this CVE persisted.

This is fixed in https://github.com/kubernetes/kube-state-metrics/pull/2385. Another release needs to be declared with this fixed.
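A defender who sees a scanner report like the one above usually wants to confirm, from the shipped binary itself, which version of the flagged module was actually linked in, rather than trusting the tag alone. The program below is an added example and not kube-state-metrics code: it parses the output of `go version -m <binary>` (a constructed sample is embedded; the module versions and hashes in it are made up), honours a `=>` replacement line if one follows the dependency record, and reports whether the recorded `golang.org/x/net` version is older than a minimum fixed version passed in by the caller. The `v0.23.0` used in `main` is the fix version listed for CVE-2023-45288 in the Go vulnerability database for `golang.org/x/net`; treat it as an assumption to be checked against the advisory and the referenced pull request.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample of `go version -m <binary>` output for a hypothetical
// kube-state-metrics build. Every version and hash below is made up for
// illustration and does not describe any real release.
const sampleGoVersionOutput = `kube-state-metrics: go1.22.1
	path	k8s.io/kube-state-metrics/v2
	mod	k8s.io/kube-state-metrics/v2	(devel)
	dep	golang.org/x/net	v0.22.0	h1:CONSTRUCTED-HASH-PLACEHOLDER=
	dep	golang.org/x/sys	v0.18.0	h1:CONSTRUCTED-HASH-PLACEHOLDER=
	build	-buildmode=exe
`

// dependencyVersion scans `go version -m` output for modulePath and returns the
// version recorded for it, preferring the version on a following "=>" line
// (a replace directive) when present. It returns "" if the module is absent.
func dependencyVersion(output, modulePath string) string {
	lines := strings.Split(output, "\n")
	for i, line := range lines {
		f := strings.Fields(line)
		// Records of interest look like: dep <path> <version> <hash>
		if len(f) >= 3 && (f[0] == "dep" || f[0] == "mod") && f[1] == modulePath {
			ver := f[2]
			if i+1 < len(lines) {
				nf := strings.Fields(lines[i+1])
				if len(nf) >= 3 && nf[0] == "=>" {
					ver = nf[2] // replacement wins over the original requirement
				}
			}
			return ver
		}
	}
	return ""
}

// parseSemver turns "v0.22.0" into [0 22 0]; pre-release and build metadata
// suffixes are dropped, which is sufficient for minimum-version checks.
func parseSemver(v string) ([3]int, error) {
	var out [3]int
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return out, fmt.Errorf("not a MAJOR.MINOR.PATCH version: %q", v)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return out, fmt.Errorf("bad component %q in %q", p, v)
		}
		out[i] = n
	}
	return out, nil
}

// olderThan reports whether version a sorts strictly before version b.
func olderThan(a, b string) (bool, error) {
	pa, err := parseSemver(a)
	if err != nil {
		return false, err
	}
	pb, err := parseSemver(b)
	if err != nil {
		return false, err
	}
	for i := 0; i < 3; i++ {
		if pa[i] != pb[i] {
			return pa[i] < pb[i], nil
		}
	}
	return false, nil
}

// NeedsUpgrade reports whether the binary's recorded version of modulePath is
// below minFixed, and returns that recorded version. A module that is not
// linked in at all is reported as not needing an upgrade, with an empty version.
func NeedsUpgrade(output, modulePath, minFixed string) (bool, string, error) {
	ver := dependencyVersion(output, modulePath)
	if ver == "" {
		return false, "", nil
	}
	older, err := olderThan(ver, minFixed)
	if err != nil {
		return false, ver, err
	}
	return older, ver, nil
}

func main() {
	// Assumed fix version for CVE-2023-45288 in golang.org/x/net; verify against the advisory.
	const minFixed = "v0.23.0"
	needs, ver, err := NeedsUpgrade(sampleGoVersionOutput, "golang.org/x/net", minFixed)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	if needs {
		fmt.Printf("golang.org/x/net %s is below %s: rebuild with the fixed dependency\n", ver, minFixed)
	} else {
		fmt.Printf("golang.org/x/net %s satisfies minimum %s\n", ver, minFixed)
	}
}
```

To run it against a real image, extract the binary from the container and feed `go version -m /path/to/kube-state-metrics` into `NeedsUpgrade` in place of the constructed sample; checking the linked version this way also catches the case where a tag was cut before the dependency bump landed.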

k8s-ci-robot commented 1 month ago

This issue is currently awaiting triage.

If kube-state-metrics contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

martidelviscovo commented 3 weeks ago

There is a need for triaging here due to the critical vulnerability in kube-state-metrics.