Loading...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Labels:
- no-qe

Activity Type:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
None
Story Points:
None

Target Version:
None
Release Blocker:
None
Sprint:
None

✗ High severity vulnerability found in golang.org/x/crypto/ssh/agent
Description: Improper Handling of Unexpected Data Type
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSHAGENT-12668891
Introduced through: github.com/openshift/installer/pkg/asset/machines/aws@1.4.19-ec5, github.com/openshift/installer/pkg/asset/machines/azure@1.4.19-ec5, github.com/openshift/installer/pkg/asset/machines/nutanix@1.4.19-ec5, github.com/openshift/installer/pkg/asset/machines/vsphere@1.4.19-ec5, github.com/openshift/installer/pkg/asset/machines/ibmcloud@1.4.19-ec5, github.com/openshift/installer/pkg/asset/machines/openstack@1.4.19-ec5, github.com/openshift/installer/pkg/asset/machines/gcp@1.4.19-ec5
From: github.com/openshift/installer/pkg/asset/machines/aws@1.4.19-ec5 > github.com/openshift/installer/pkg/asset/manifests/capiutils@1.4.19-ec5 > github.com/openshift/installer/pkg/asset/installconfig@1.4.19-ec5 > github.com/openshift/installer/pkg/types/validation@1.4.19-ec5 > github.com/openshift/installer/pkg/types/baremetal/validation@1.4.19-ec5 > github.com/digitalocean/go-libvirt@#fcabe97a6eed > github.com/digitalocean/go-libvirt/socket/dialers@#fcabe97a6eed > golang.org/x/crypto/ssh/agent@0.36.0
From: github.com/openshift/installer/pkg/asset/machines/azure@1.4.19-ec5 > github.com/openshift/installer/pkg/asset/manifests/capiutils@1.4.19-ec5 > github.com/openshift/installer/pkg/asset/installconfig@1.4.19-ec5 > github.com/openshift/installer/pkg/types/validation@1.4.19-ec5 > github.com/openshift/installer/pkg/types/baremetal/validation@1.4.19-ec5 > github.com/digitalocean/go-libvirt@#fcabe97a6eed > github.com/digitalocean/go-libvirt/socket/dialers@#fcabe97a6eed > golang.org/x/crypto/ssh/agent@0.36.0
From: github.com/openshift/installer/pkg/asset/machines/nutanix@1.4.19-ec5 > github.com/openshift/installer/pkg/asset/manifests/capiutils@1.4.19-ec5 > github.com/openshift/installer/pkg/asset/installconfig@1.4.19-ec5 > github.com/openshift/installer/pkg/types/validation@1.4.19-ec5 > github.com/openshift/installer/pkg/types/baremetal/validation@1.4.19-ec5 > github.com/digitalocean/go-libvirt@#fcabe97a6eed > github.com/digitalocean/go-libvirt/socket/dialers@#fcabe97a6eed > golang.org/x/crypto/ssh/agent@0.36.0
and 4 more...

Caught by ci/prow/security
Logs from one of the runs are here

links to

openshift/hive#2753: chore(KONFLUX-6210): fix and set name and cpe label for hive-mce-29

openshift/hive#2754: HIVE-2940: Revendor installer: AWS: no client-side rate limiting

openshift/hive#2755: HIVE-2937: revendor x/crypto for SNYK-GOLANG-GOLANGORGXCRYPTOSSHAGENT-12668891

Assignee:: Eric Fried

Reporter:: Suhani Mehta

Need Info From:: None

Contributors:: None

QA Contact:: None

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/09/18 3:12 AM

Updated:: 2025/09/25 7:12 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates