nats-io / k8s

NATS on Kubernetes with Helm Charts
Apache License 2.0

OpenSSL past due vulnerabilities detected in config-reloader and prometheus exporter images #887

Open pradeep-singari1 opened 4 months ago

pradeep-singari1 commented 4 months ago

What version were you using?

OpenSSL past due vulnerabilities detected in config-reloader and prometheus exporter images

What environment was the server running in?

natsio/nats-server-config-reloader:0.14.1
natsio/prometheus-nats-exporter:0.14.0

Is this defect reproducible?

Yes, we have a vulnerability scanning tool which scans our k8s pods frequently, and it identified past-due vulnerabilities in our NATS config reloader and prometheus exporter pods.

Given the capability you are leveraging, describe your expectation?

New NATS images should be released that contain fixes to the following CVEs.

Config reloader: CVE-2023-6129 (openssl), CVE-2023-6237 (openssl), CVE-2024-0727 (openssl)

Prometheus exporter: CVE-2023-6129 (openssl), CVE-2023-6237 (openssl), CVE-2024-0727 (openssl), CVE-2023-5678 (openssl), CVE-2023-5363 (openssl)

Given the expectation, what is the defect you are observing?

Past due vulnerabilities in config-reloader and prometheus exporter images
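A defender-side check that matches the reporter's scanning workflow, added here as an example and not part of this issue or of the nats-io/k8s project: it takes scanner findings for the two image tags named above, applies a per-severity remediation SLA, and lists which images carry past-due findings and therefore need a rebuilt tag. Only the image tags and CVE ids come from the issue; the SLA values, the severity buckets and the first-seen dates are hypothetical and constructed for the sample.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    """One scanner finding, in the shape most container scanners export."""
    image: str        # image reference as deployed in the pod
    cve: str          # CVE id reported by the scanner
    package: str      # affected OS package inside the image
    severity: str     # scanner severity bucket
    first_seen: date  # first scan run that reported this finding


# Remediation deadline in days per severity bucket. Hypothetical policy
# values: the issue does not state the reporter's actual SLA.
SLA_DAYS = {"CRITICAL": 7, "HIGH": 30, "MEDIUM": 90, "LOW": 180}

# Constructed sample findings. Image tags and CVE ids are those named in the
# issue; severities and first-seen dates are hypothetical, not real ratings.
RELOADER = "natsio/nats-server-config-reloader:0.14.1"
EXPORTER = "natsio/prometheus-nats-exporter:0.14.0"
SAMPLE_FINDINGS = [
    Finding(RELOADER, "CVE-2023-6129", "openssl", "MEDIUM", date(2024, 1, 15)),
    Finding(RELOADER, "CVE-2023-6237", "openssl", "LOW", date(2023, 11, 1)),
    Finding(RELOADER, "CVE-2024-0727", "openssl", "LOW", date(2024, 2, 1)),
    Finding(EXPORTER, "CVE-2023-6129", "openssl", "MEDIUM", date(2024, 1, 15)),
    Finding(EXPORTER, "CVE-2023-6237", "openssl", "LOW", date(2023, 11, 1)),
    Finding(EXPORTER, "CVE-2024-0727", "openssl", "LOW", date(2024, 2, 1)),
    Finding(EXPORTER, "CVE-2023-5678", "openssl", "LOW", date(2023, 10, 25)),
    Finding(EXPORTER, "CVE-2023-5363", "openssl", "MEDIUM", date(2023, 10, 25)),
]


def days_open(finding, today):
    """Calendar days since the scanner first reported the finding."""
    return (today - finding.first_seen).days


def is_past_due(finding, today, sla=SLA_DAYS):
    """True once the finding has been open longer than its severity's SLA.

    An unknown severity bucket falls back to the strictest deadline so that
    a mislabelled finding is never silently ignored.
    """
    deadline = sla.get(finding.severity.upper(), min(sla.values()))
    return days_open(finding, today) > deadline


def past_due(findings, today, sla=SLA_DAYS):
    """All findings that have exceeded their remediation SLA."""
    return [f for f in findings if is_past_due(f, today, sla)]


def images_to_rebuild(findings, today, sla=SLA_DAYS):
    """Map each image tag to the sorted list of CVE ids that are past due.

    An image appears only if at least one of its findings is overdue; this is
    the list to hand to whoever bumps image tags in the Helm values.
    """
    overdue = {}
    for f in past_due(findings, today, sla):
        overdue.setdefault(f.image, set()).add(f.cve)
    return {image: sorted(cves) for image, cves in overdue.items()}


if __name__ == "__main__":
    as_of = date(2024, 6, 1)  # constructed evaluation date
    for image, cves in images_to_rebuild(SAMPLE_FINDINGS, as_of).items():
        print(f"{image}: {len(cves)} past-due CVE(s): {', '.join(cves)}")
```

To use it against a real export, build `Finding` objects from the scanner's JSON (image, CVE id, package, severity, first-seen date) and set the SLA table to the policy the scanner owners actually enforce. The output is the list of image tags to replace in the chart's values, which keeps the fix a Helm upgrade rather than a manual edit of running pods.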