OpenShift Bugs / OCPBUGS-53143

Flaw in AWS client encryption detected in clair scan


    • Bug
    • Resolution: Done
    • Normal
    • 4.19.0
    • Windows Containers
    • Quality / Stability / Reliability
    • False
    • 3
    • Moderate
    • WINC - Sprint 269
    • 1
    • In Progress
    • Release Note Not Required

      Description of problem:

          Found packages with unpatched unknown vulnerabilities. Specifically, vulnerabilities were found in github.com/aws/aws-sdk-go-v1.55.5 with identifiers GO-2022-0635 and GO-2022-0646. 

      Version-Release number of selected component (if applicable):

          Component: aws-sdk-go
          Version: v1.55.5

      How reproducible:

          Always

      Steps to Reproduce:

      1. Scan the package github.com/aws/aws-sdk-go-v1.55.5 using Clair.
      2. Verify that vulnerabilities GO-2022-0635 and GO-2022-0646 are reported as unpatched and unknown.

      Actual results:

          Clair detects vulnerabilities GO-2022-0635 and GO-2022-0646 in the package github.com/aws/aws-sdk-go-v1.55.5 and reports them as unpatched due to the lack of a known fix.

      Expected results:

          The vulnerabilities GO-2022-0635 and GO-2022-0646 should be addressed, either by applying a patch or by updating the package once a fix is available.

      Additional info:

          

              jvaldes@redhat.com Jose Valdes
              jvaldes@redhat.com Jose Valdes
              Aharon Rasouli