Informational & low severity items from security audit

Open

Description

This issue tracks low and below severity issues from the CNCF-commissioned security audit. The issue numbers refer to the ones in the report itself which you can find here. All issues not listed here have already been addressed.

Issues

  • 1 - Out of bounds file read in certificate manager GetSecrets() - Low
  • 3 - Handlers of the Cilium Docker plugin do not limit the size of the HTTP request body before decoding it - Informational
  • 4 - Possible memory exhaustion from CNI template rendering - Informational
  • 5 - Possible excessive memory allocation - Low
  • 7 - Race condition in pkg/policy.Repository.LocalEndpointIdentityRemoved() - Low
  • 8 - Deprecated 3rd-party library - Informational
  • 9 - TOCTOU race condition in endpoint file move helper function - Low
  • 10 - Redundant return statements - Informational
  • 11 - Redundant imports - Informational
  • 12 - Redundant function parameters - Informational
  • 13 - TOCTOU race condition in sockops bpftoolLoad - Low
  • 16 - Race condition when starting operator apiserver - Low
  • 17 - Bad code practice: Identical identifier of import and variable - Low
  • 19 - Possible type confusions - Low
  • 20 - Ill-defined contexts - Informational
  • 22 - Deprecated function calls - Low
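Finding 3 above concerns decoding an HTTP request body without first bounding its size, so a client can make the handler buffer an arbitrarily large payload. The Go snippet below is an added example, not Cilium's or the audit's code: it contrasts an unbounded decode with one wrapped in http.MaxBytesReader, which makes the JSON decoder fail with *http.MaxBytesError (Go 1.19+) once the cap is hit so the handler can answer 413 rather than reading on. The handler path, the createRequest shape and the 1 KiB cap are assumptions chosen for the illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxBodyBytes caps how much of a request body a handler will read before
// decoding. The value is an assumption chosen for this example.
const maxBodyBytes = 1 << 10 // 1 KiB

// createRequest is a hypothetical request shape, standing in for whatever a
// plugin handler would actually decode.
type createRequest struct {
	ContainerID string `json:"container_id"`
	Interface   string `json:"interface"`
}

// decodeLimited wraps the body in http.MaxBytesReader so the JSON decoder can
// never consume more than max bytes. Exceeding the cap surfaces as a
// *http.MaxBytesError, which the caller can map to a 413 response.
func decodeLimited(w http.ResponseWriter, r *http.Request, max int64, dst interface{}) error {
	r.Body = http.MaxBytesReader(w, r.Body, max)
	dec := json.NewDecoder(r.Body)
	dec.DisallowUnknownFields()
	return dec.Decode(dst)
}

// vulnerableHandler mirrors the finding: it decodes the body with no size
// bound, so however large the payload is, it is read into memory in full.
func vulnerableHandler(w http.ResponseWriter, r *http.Request) {
	var req createRequest
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		http.Error(w, "malformed request body", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// hardenedHandler applies the cap and distinguishes "too large" from
// "malformed" so the client gets an accurate status code.
func hardenedHandler(w http.ResponseWriter, r *http.Request) {
	var req createRequest
	if err := decodeLimited(w, r, maxBodyBytes, &req); err != nil {
		var tooLarge *http.MaxBytesError
		if errors.As(err, &tooLarge) {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "malformed request body", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// SmallBody is a constructed, well-formed request under the cap.
func SmallBody() string {
	return `{"container_id":"c1","interface":"eth0"}`
}

// BigBody is a constructed, well-formed request of roughly 4 KiB, far above
// the cap; only the container_id string is padded.
func BigBody() string {
	return `{"container_id":"` + strings.Repeat("A", 4096) + `","interface":"eth0"}`
}

// Serve runs a handler against a constructed POST body and returns the HTTP
// status it produced; the path is an assumption for the example.
func Serve(h http.HandlerFunc, body string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, "/Plugin.Create", strings.NewReader(body))
	h(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("vulnerable, small body:", Serve(vulnerableHandler, SmallBody())) // 200
	fmt.Println("vulnerable, big body:  ", Serve(vulnerableHandler, BigBody()))   // 200
	fmt.Println("hardened,   small body:", Serve(hardenedHandler, SmallBody()))   // 200
	fmt.Println("hardened,   big body:  ", Serve(hardenedHandler, BigBody()))     // 413
}
```

The unbounded handler accepts the oversized body without complaint, which is exactly what makes it a memory-pressure risk; the capped handler stops reading at the limit and reports 413, and because the cap is applied on r.Body itself it also protects any later reads of the body in the same handler.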
Labels

kind/feature: This introduces new functionality.