Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-35586

GHSA-6wvf-f2vw-3425: ose-installer-container: containers/image allows unexpected authenticated registry accesses

XMLWordPrintable

    • Critical
    • No
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • N/A
    • CVE - Common Vulnerabilities and Exposures
    • Done

      This is a clone of issue OCPBUGS-35527. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-34037. The following is the description of the original issue:

      Open Github Security Advisory for: containers/image

      https://github.com/advisories/GHSA-6wvf-f2vw-3425

      The ARO SRE team became aware of this advisory against our installer fork. Upstream installer is also pinning a vulnerable version of containerd.

      Advisory recommends to update to versions 5.30.1

            rdossant Rafael Fonseca dos Santos
            openshift-crt-jira-prow OpenShift Prow Bot
            Gaoyun Pei Gaoyun Pei
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: