Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL vulnerability CVE-2022-0778 #12571

Closed
sardobi opened this issue Mar 17, 2022 · 1 comment
Closed

OpenSSL vulnerability CVE-2022-0778 #12571

sardobi opened this issue Mar 17, 2022 · 1 comment

Comments

@sardobi
Copy link

sardobi commented Mar 17, 2022

Heya,

First time engaging with the Consul community, apologies if this isn't the right place to raise this. (I don't think this is a matter of responsible disclosure since it relates to a known & already disclosed vulnerability in one of Consul's dependencies.)

Our vulnerability scans are picking up CVE-2022-0778 being present in the Consul docker image (an OpenSSL vulnerability allowing crafted certs to create infinite validation loops).

It looks like Consul's container image is based on Alpine 3.13.7 and now 3.13.8 is available with a fixed version of OpenSSL. The fix is being rolled out pretty quickly.

Is there a plan to patch release Consul to take the fix?
@sardobi
Copy link
Author

sardobi commented Mar 18, 2022

Realised that the repo for the Docker image is a better place to raise this - closing and have raised there.

@sardobi sardobi closed this as completed Mar 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sardobi