Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-35282

GHSA-6wvf-f2vw-3425: ose-installer-container: containers/image allows unexpected authenticated registry accesses

XMLWordPrintable

    • Critical
    • No
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      This vulnerability is a P0 in ARO which will impact Gov Cloud compliance of the service (P0 due in 25 days).

      Version-Release number of selected component (if applicable):

      The latest tag for hive in quay.io has this vulnerability: https://quay.io/repository/app-sre/hive/manifest/sha256:5ec2f286fef81cb4e1774ff7f25179be44d02b2bf68d825cf3b33d3be3050733?tab=vulnerabilities
Advisory recommends to update to versions 5.30.1

      How reproducible:

      N/A

      Steps to Reproduce:

      N/A

      Actual results:

      N/A

      Expected results:

      N/A

      Additional info:

      https://github.com/advisories/GHSA-6wvf-f2vw-3425
https://quay.io/repository/app-sre/hive/manifest/sha256:5ec2f286fef81cb4e1774ff7f25179be44d02b2bf68d825cf3b33d3be3050733?tab=vulnerabilities

            rh-ee-mold Mark Old
            rh-ee-sfairchi Steven Fairchild
            Jianping Shu Jianping Shu
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated: