Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubelogin is vulnerable to CVE-2023-39323 #368

Closed
Abdulthetechguy opened this issue Dec 1, 2023 · 2 comments
Closed

kubelogin is vulnerable to CVE-2023-39323 #368

Abdulthetechguy opened this issue Dec 1, 2023 · 2 comments

Comments

@Abdulthetechguy
Copy link

Our image scanner (twistcli) picked this vulnerability up due to the version of Go package being used (version 1.19.10 ). The issue is fixed in versions 1.21.2, 1.20.9 . Can this be changed as it is stopping us from adding kubelogin to our buildgents due to the vulnerability.

kubelogin
@bcho
Copy link
Member

bcho commented Dec 1, 2023

Hi @Abdulthetechguy , thanks for reporting this issue. Can you let me know what's the kubelogin version you are using in this check?

@bcho
Copy link
Member

bcho commented Dec 1, 2023

nvm, I found the latest published version is built with 1.19.10:

kubelogin version
git hash: v0.0.33/441bb556e8486866aa809e9c2b82397f8a01f364
Go version: go1.19.10
Build time: 2023-10-26T15:51:09Z
Platform: darwin/arm64

@bcho bcho mentioned this issue Dec 1, 2023
Merged
@weinong weinong closed this as completed Dec 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bcho @weinong @Abdulthetechguy