github-actions[bot]
commented
6 days ago :mag: Vulnerabilities of ghcr.io/uniget-org/tools/teleport:16.0.4
:package: Image Reference ghcr.io/uniget-org/tools/teleport:16.0.4
| digest | sha256:8aca6cb85a98ef45038e0100c3df824085e54b2ba619e20a1be92e4fa819184e |
| vulnerabilities |     |
| platform | linux/amd64 |
| size | 168 MB |
| packages | 406 |
pkg:golang/github.com/aws/aws-sdk-go@1.52.2
DescriptionThe Go AWS S3 Crypto SDK contains vulnerabilities that can permit an attacker with write access to a bucket to decrypt files in that bucket. Files encrypted by the V1 EncryptionClient using either the AES-CBC content cipher or the KMS key wrap algorithm are vulnerable. Users should migrate to the V1 EncryptionClientV2 API, which will not create vulnerable files. Old files will remain vulnerable until re-encrypted with the new client. 
DescriptionThe Go AWS S3 Crypto SDK contains vulnerabilities that can permit an attacker with write access to a bucket to decrypt files in that bucket. Files encrypted by the V1 EncryptionClient using either the AES-CBC content cipher or the KMS key wrap algorithm are vulnerable. Users should migrate to the V1 EncryptionClientV2 API, which will not create vulnerable files. Old files will remain vulnerable until re-encrypted with the new client. | ||||||||
pkg:golang/k8s.io/apiserver@0.30.0 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
DescriptionThe Kubernetes API server component has been found to be vulnerable to a denial of service attack via successful API requests. |
github.com/aws/aws-sdk-go 
k8s.io/apiserver
This PR contains the following updates:
16.0.3->16.0.4Release Notes
gravitational/teleport (gravitational/teleport)
### [`v16.0.4`](https://togithub.com/gravitational/teleport/releases/tag/v16.0.4): Teleport 16.0.4 [Compare Source](https://togithub.com/gravitational/teleport/compare/v16.0.3...v16.0.4) #### Description - Omit control plane services from the inventory list output for Cloud-Hosted instances. [#43779](https://togithub.com/gravitational/teleport/pull/43779) - Updated Go toolchain to v1.22.5. [#43768](https://togithub.com/gravitational/teleport/pull/43768) - Reduced CPU usage in auth servers experiencing very high concurrent request load. [#43755](https://togithub.com/gravitational/teleport/pull/43755) - Machine ID defaults to disabling the use of the Kubernetes exec plugin when writing a Kubeconfig to a directory destination. This removes the need to manually configure `disable_exec_plugin`. [#43655](https://togithub.com/gravitational/teleport/pull/43655) - Fixed startup crash of Teleport Connect on Ubuntu 24.04 by adding an AppArmor profile. [#43653](https://togithub.com/gravitational/teleport/pull/43653) - Added support for dialling leaf clusters to the tbot SSH multiplexer. [#43634](https://togithub.com/gravitational/teleport/pull/43634) - Extend Teleport ability to use non-default cluster domains in Kubernetes, avoiding the assumption of `cluster.local`. [#43631](https://togithub.com/gravitational/teleport/pull/43631) - Wait for user MFA input when reissuing expired certificates for a kube proxy. [#43612](https://togithub.com/gravitational/teleport/pull/43612) - Improved error diagnostics when using Machine ID's SSH multiplexer. [#43586](https://togithub.com/gravitational/teleport/pull/43586) Enterprise: - Teleport Enterprise now supports the `TELEPORT_REPORTING_HTTP(S)_PROXY` environment variable to specify the URL of the HTTP(S) proxy used for connections to our usage reporting ingest service. #### Download Download the current and previous releases of Teleport at https://goteleport.com/download. Download the current release of Teleport plugins from the links below. - Slack ([Linux amd64](https://get.gravitational.com/teleport-access-slack-v16.0.4-linux-amd64-bin.tar.gz)) - Mattermost ([Linux amd64](https://get.gravitational.com/teleport-access-mattermost-v16.0.4-linux-amd64-bin.tar.gz)) - Discord ([Linux amd64](https://get.gravitational.com/teleport-access-discord-v16.0.4-linux-amd64-bin.tar.gz)) - Terraform Provider ([Linux amd64](https://get.gravitational.com/terraform-provider-teleport-v16.0.4-linux-amd64-bin.tar.gz) | [Linux arm64](https://get.gravitational.com/terraform-provider-teleport-v16.0.4-linux-arm64-bin.tar.gz) | [macOS amd64](https://get.gravitational.com/terraform-provider-teleport-v16.0.4-darwin-amd64-bin.tar.gz) | [macOS arm64](https://get.gravitational.com/terraform-provider-teleport-v16.0.4-darwin-arm64-bin.tar.gz) | [macOS universal](https://get.gravitational.com/terraform-provider-teleport-v16.0.4-darwin-universal-bin.tar.gz)) - Event Handler ([Linux amd64](https://get.gravitational.com/teleport-event-handler-v16.0.4-linux-amd64-bin.tar.gz) | [macOS amd64](https://get.gravitational.com/teleport-event-handler-v16.0.4-darwin-amd64-bin.tar.gz)) - PagerDuty ([Linux amd64](https://get.gravitational.com/teleport-access-pagerduty-v16.0.4-linux-amd64-bin.tar.gz)) - Jira ([Linux amd64](https://get.gravitational.com/teleport-access-jira-v16.0.4-linux-amd64-bin.tar.gz)) - Email ([Linux amd64](https://get.gravitational.com/teleport-access-email-v16.0.4-linux-amd64-bin.tar.gz)) - Microsoft Teams ([Linux amd64](https://get.gravitational.com/teleport-access-msteams-v16.0.4-linux-amd64-bin.tar.gz))Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.