OpenShift Bugs: OCPBUGS-35282

GHSA-6wvf-f2vw-3425: ose-installer-container: containers/image allows unexpected authenticated registry accesses

    • Critical
    • No
    • Approved
    • False
    • Hive needs to re-vendor to OCP 4.17 in order to deploy it
    • N/A
    • Release Note Not Required
    • Done

      Description of problem:

      This vulnerability is a P0 in ARO which will impact Gov Cloud compliance of the service (P0 due in 25 days).
      

      Version-Release number of selected component (if applicable):

      The latest tag for hive in quay.io has this vulnerability: https://quay.io/repository/app-sre/hive/manifest/sha256:5ec2f286fef81cb4e1774ff7f25179be44d02b2bf68d825cf3b33d3be3050733?tab=vulnerabilities
      The advisory recommends updating to version 5.30.1
      

      How reproducible:

      N/A
      

      Steps to Reproduce:

      N/A
      

      Actual results:

      N/A
      

      Expected results:

      N/A
      

      Additional info:

      https://github.com/advisories/GHSA-6wvf-f2vw-3425
      https://quay.io/repository/app-sre/hive/manifest/sha256:5ec2f286fef81cb4e1774ff7f25179be44d02b2bf68d825cf3b33d3be3050733?tab=vulnerabilities
      

              leah_leshchinsky Leah Leshchinsky (Inactive)
              rh-ee-sfairchi Steven Fairchild
              Jianping Shu Jianping Shu