OpenShift Hive
HIVE-2337

Fix vulns found by snyk


    • Type: Story
    • Resolution: Done

      ✗ High severity vulnerability found in github.com/dgrijalva/jwt-go
      Description: Access Restriction Bypass
      Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
      Introduced through: github.com/IBM/networking-go-sdk/dnsrecordsv1@0.14.0, github.com/IBM/networking-go-sdk/zonesv1@0.14.0, github.com/openshift/installer/pkg/asset/machines/ibmcloud@#2c449439afd9, github.com/openshift/installer/pkg/destroy/ibmcloud@#2c449439afd9
      From: github.com/IBM/networking-go-sdk/dnsrecordsv1@0.14.0 > github.com/IBM/go-sdk-core/v4/core@4.10.0 > github.com/dgrijalva/jwt-go@3.2.1
      From: github.com/IBM/networking-go-sdk/zonesv1@0.14.0 > github.com/IBM/go-sdk-core/v4/core@4.10.0 > github.com/dgrijalva/jwt-go@3.2.1
      From: github.com/openshift/installer/pkg/asset/machines/ibmcloud@#2c449439afd9 > github.com/openshift/installer/pkg/asset/installconfig/ibmcloud@#2c449439afd9 > github.com/IBM/networking-go-sdk/zonesv1@0.14.0 > github.com/IBM/go-sdk-core/v4/core@4.10.0 > github.com/dgrijalva/jwt-go@3.2.1
      and 1 more...
      Fixed in: 4.0.0-preview1

      [efried@efried hive]$ go mod why github.com/dgrijalva/jwt-go
      # github.com/dgrijalva/jwt-go
      github.com/openshift/hive/pkg/ibmclient
      github.com/IBM/networking-go-sdk/dnsrecordsv1
      github.com/IBM/go-sdk-core/v4/core
      github.com/dgrijalva/jwt-go
      

      Bumping these based on installer may resolve.


      ✗ High severity vulnerability found in google.golang.org/grpc
      Description: Denial of Service (DoS)
      Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328
      Introduced through: google.golang.org/api/option@0.25.0, github.com/openshift/installer/pkg/asset/machines/gcp@#2c449439afd9, github.com/openshift/generic-admission-server/pkg/cmd@#6e8e035e4fe8, google.golang.org/api/cloudresourcemanager/v1@0.25.0, google.golang.org/api/compute/v1@0.25.0, google.golang.org/api/dns/v1@0.25.0, google.golang.org/api/serviceusage/v1@0.25.0, github.com/openshift/installer/pkg/destroy/gcp@#2c449439afd9
      From: google.golang.org/api/option@0.25.0 > google.golang.org/grpc@1.58.2
      From: google.golang.org/api/option@0.25.0 > google.golang.org/api/internal@0.25.0 > google.golang.org/grpc@1.58.2
      From: github.com/openshift/installer/pkg/asset/machines/gcp@#2c449439afd9 > google.golang.org/api/option@0.25.0 > google.golang.org/grpc@1.58.2
      and 36 more...
      Fixed in: 1.56.3, 1.57.1, 1.58.3


      ✗ High severity vulnerability found in golang.org/x/net/http2
      Description: Denial of Service (DoS)
      Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327
      Introduced through: k8s.io/apimachinery/pkg/util/net@0.27.2, k8s.io/client-go/rest@0.27.2, k8s.io/client-go/tools/cache@0.27.2, k8s.io/apimachinery/pkg/watch@0.27.2, github.com/openshift/generic-admission-server/pkg/cmd@#6e8e035e4fe8, k8s.io/client-go/discovery@0.27.2, k8s.io/client-go/tools/clientcmd@0.27.2, k8s.io/client-go/discovery/cached/disk@0.27.2, k8s.io/client-go/tools/leaderelection/resourcelock@0.27.2, k8s.io/client-go/testing@0.27.2, k8s.io/client-go/dynamic@0.27.2, k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/typed/apiregistration/v1@0.27.2, k8s.io/client-go/tools/record@0.27.2, k8s.io/client-go/plugin/pkg/client/auth/gcp@0.27.2, k8s.io/client-go/informers@0.27.2, k8s.io/client-go/listers/core/v1@0.27.2, k8s.io/client-go/tools/watch@0.27.2, k8s.io/apimachinery/pkg/apis/meta/v1@0.27.2, k8s.io/cli-runtime/pkg/printers@0.27.2, google.golang.org/api/option@0.25.0, k8s.io/client-go/applyconfigurations/meta/v1@0.27.2, k8s.io/client-go/restmapper@0.27.2, k8s.io/kubectl/pkg/util/openapi@0.27.2, k8s.io/cli-runtime/pkg/genericclioptions@0.27.2, sigs.k8s.io/controller-runtime/pkg/client/config@0.15.0, k8s.io/client-go/tools/leaderelection@0.27.2, k8s.io/client-go/discovery/fake@0.27.2, github.com/heptio/velero/pkg/apis/velero/v1@1.0.0, k8s.io/api/rbac/v1@0.27.2, github.com/openshift/api/authorization/v1@#afcbe27aec7c, github.com/openshift/api/image/v1@#afcbe27aec7c, github.com/openshift/api/machine/v1alpha1@#afcbe27aec7c, k8s.io/api/admission/v1beta1@0.27.2, k8s.io/api/admissionregistration/v1@0.27.2, k8s.io/api/batch/v1@0.27.2, k8s.io/api/certificates/v1@0.27.2, github.com/openshift/hive/apis/hivecontracts/v1alpha1@0.0.0, github.com/openshift/hive/apis/hiveinternal/v1alpha1@0.0.0, github.com/openshift/installer/pkg/asset/machines/alibabacloud@#2c449439afd9, github.com/openshift/installer/pkg/asset/machines/aws@#2c449439afd9, github.com/openshift/installer/pkg/asset/machines/azure@#2c449439afd9, 
github.com/openshift/installer/pkg/asset/machines/gcp@#2c449439afd9, github.com/openshift/installer/pkg/asset/machines/ibmcloud@#2c449439afd9, github.com/openshift/installer/pkg/asset/machines/openstack@#2c449439afd9, github.com/openshift/installer/pkg/asset/machines/ovirt@#2c449439afd9, github.com/openshift/installer/pkg/asset/machines/vsphere@#2c449439afd9, k8s.io/cluster-registry/pkg/apis/clusterregistry/v1alpha1@0.0.6, github.com/openshift/api/apps/v1@#afcbe27aec7c, github.com/openshift/api/route/v1@#afcbe27aec7c, k8s.io/api/apps/v1@0.27.2, github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1@0.50.0, k8s.io/api/core/v1@0.27.2, github.com/openshift/api/machine/v1beta1@#afcbe27aec7c, k8s.io/apimachinery/pkg/api/errors@0.27.2, k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.27.2, k8s.io/apimachinery/pkg/api/meta@0.27.2, github.com/openshift/custom-resource-status/conditions/v1@#f2fdb4999d87, github.com/openshift/hive/apis/hive/v1/agent@0.0.0, github.com/openshift/hive/apis/hive/v1/metricsconfig@0.0.0, github.com/openshift/installer/pkg/types@#2c449439afd9, github.com/openshift/library-go/pkg/controller@#9b7abe2c9cbf, k8s.io/apimachinery/pkg/api/equality@0.27.2, k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.27.2, k8s.io/cli-runtime/pkg/resource@0.27.2, sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.15.0, k8s.io/kubectl/pkg/polymorphichelpers@0.27.2, sigs.k8s.io/controller-runtime/pkg/metrics@0.15.0, github.com/openshift/hive/apis/hive/v1@0.0.0, github.com/openshift/cluster-api-provider-alibaba/pkg/apis/alibabacloudprovider/v1@#a7bf6bf132ca, github.com/openshift/cluster-api-provider-ovirt/pkg/apis/ovirtprovider/v1beta1@#e3f2850dd519, github.com/openshift/cluster-autoscaler-operator/pkg/apis/autoscaling/v1@#fe524080b551, github.com/openshift/cluster-autoscaler-operator/pkg/apis/autoscaling/v1beta1@#fe524080b551, github.com/openshift/machine-api-provider-gcp/pkg/apis/gcpprovider/v1beta1@0.0.0, 
sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.15.0, github.com/openshift/library-go/pkg/operator/resource/resourcemerge@#9b7abe2c9cbf, github.com/openshift/hive/apis@0.0.0, github.com/openshift/library-go/pkg/operator/resource/resourceread@#9b7abe2c9cbf, k8s.io/kube-aggregator/pkg/apis/apiregistration/v1@0.27.2, github.com/openshift/api/config/v1@#afcbe27aec7c, github.com/openshift/hive/apis/hive/v1/alibabacloud@0.0.0, github.com/openshift/hive/apis/hive/v1/aws@0.0.0, github.com/openshift/hive/apis/hive/v1/azure@0.0.0, github.com/openshift/hive/apis/hive/v1/baremetal@0.0.0, github.com/openshift/hive/apis/hive/v1/gcp@0.0.0, github.com/openshift/hive/apis/hive/v1/ibmcloud@0.0.0, github.com/openshift/hive/apis/hive/v1/openstack@0.0.0, github.com/openshift/hive/apis/hive/v1/ovirt@0.0.0, github.com/openshift/hive/apis/hive/v1/vsphere@0.0.0, k8s.io/client-go/util/retry@0.27.2, github.com/openshift/installer/pkg/destroy/alibabacloud@#2c449439afd9, github.com/openshift/installer/pkg/destroy/azure@#2c449439afd9, github.com/openshift/installer/pkg/destroy/vsphere@#2c449439afd9, github.com/openshift/library-go/pkg/verify@#9b7abe2c9cbf, github.com/openshift/installer/pkg/destroy/providers@#2c449439afd9, github.com/openshift/installer/pkg/destroy/ovirt@#2c449439afd9, k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.27.2, k8s.io/apimachinery/pkg/api/validation@0.27.2, google.golang.org/api/cloudresourcemanager/v1@0.25.0, google.golang.org/api/compute/v1@0.25.0, google.golang.org/api/dns/v1@0.25.0, google.golang.org/api/serviceusage/v1@0.25.0, sigs.k8s.io/controller-runtime/pkg/client@0.15.0, sigs.k8s.io/controller-runtime/pkg/cache@0.15.0, sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.15.0, k8s.io/kubectl/pkg/cmd/apply@0.27.2, k8s.io/kubectl/pkg/cmd/util@0.27.2, sigs.k8s.io/controller-runtime/pkg/config@0.15.0, github.com/openshift/cluster-api-provider-ovirt/pkg/apis@#e3f2850dd519, github.com/openshift/api/operator/v1@#afcbe27aec7c, 
github.com/openshift/installer/pkg/types/aws@#2c449439afd9, github.com/openshift/installer/pkg/types/openstack@#2c449439afd9, github.com/openshift/installer/pkg/types/ovirt@#2c449439afd9, github.com/openshift/installer/pkg/types/vsphere@#2c449439afd9, github.com/openshift/installer/pkg/destroy/aws@#2c449439afd9, github.com/openshift/installer/pkg/destroy/ibmcloud@#2c449439afd9, k8s.io/apimachinery/pkg/runtime/serializer@0.27.2, sigs.k8s.io/controller-runtime/pkg/client/fake@0.15.0, github.com/openshift/installer/pkg/destroy/gcp@#2c449439afd9, sigs.k8s.io/controller-runtime/pkg/event@0.15.0, github.com/openshift/machine-api-operator/pkg/controller/vsphere@#b15f199bf388, k8s.io/kubectl/pkg/cmd/delete@0.27.2, k8s.io/kubectl/pkg/cmd/patch@0.27.2, k8s.io/client-go/kubernetes@0.27.2, sigs.k8s.io/controller-runtime/pkg/webhook@0.15.0, github.com/openshift/installer/pkg/asset/installconfig/aws@#2c449439afd9, sigs.k8s.io/controller-runtime/pkg/predicate@0.15.0, sigs.k8s.io/controller-runtime/pkg/handler@0.15.0, sigs.k8s.io/controller-runtime/pkg/manager@0.15.0, github.com/openshift/installer/pkg/destroy/openstack@#2c449439afd9, github.com/openshift/library-go/pkg/manifest@#9b7abe2c9cbf, github.com/openshift/library-go/pkg/verify/store/sigstore@#9b7abe2c9cbf, sigs.k8s.io/controller-runtime/pkg/source@0.15.0, sigs.k8s.io/controller-runtime/pkg/controller@0.15.0
      From: k8s.io/apimachinery/pkg/util/net@0.27.2 > golang.org/x/net/http2@0.15.0
      From: k8s.io/client-go/rest@0.27.2 > golang.org/x/net/http2@0.15.0
      From: k8s.io/client-go/tools/cache@0.27.2 > k8s.io/apimachinery/pkg/util/net@0.27.2 > golang.org/x/net/http2@0.15.0
      and 179 more...
      Fixed in: 0.17.0

            Assignee: Unassigned
            Reporter: Eric Fried (efried.openshift)