MicroShift / USHIFT-5711

Snyk errors in 4.19


    • Bug
    • Resolution: Done
    • openshift-4.19
    • Quality / Stability / Reliability
    • uShift Sprint 270

      Description of problem:

      Since 4.19 branching we are getting these two errors in Snyk analysis:
      
      ✗ [Medium] Path Traversal
      ID: 7154f7f8-a0c9-42ec-b8b7-dc8727837ddf
      Path: pkg/cmd/init.go, line 614
      Info: Unsanitized input from file name flows into os.RemoveAll, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to delete arbitrary files

      ✗ [Medium] Improper Certificate Validation
      ID: cd1300f4-2c30-4395-b9cd-31e44905379f
      Path: pkg/util/net.go, line 91
      Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.


              pacevedo@redhat.com Pablo Acevedo Montserrat