set --tls-cipher-suites option in metrics-server for CVE-2016-2183 #2186

Merged
merged 1 commit into from
Jun 12, 2023


athlonreg
Contributor

Setting the --tls-cipher-suites startup argument for metrics-server avoids the CVE-2016-2183 security vulnerability. Without it, an nmap scan of port 4443 gives the following result:

image

With it specified, the scan result is as follows:

image

This argument sets the list of cipher suites. The list is the default generated list with the insecure grade C suites removed.
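An added example, not code from this PR or from metrics-server: a Go check that classifies each name in a `--tls-cipher-suites` value and marks the 3DES suites, whose 64-bit block size is what CVE-2016-2183 concerns. It assumes the flag takes Go `crypto/tls` suite names; the function name, verdict labels and sample value are made up for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// Verdicts for one suite name taken from a --tls-cipher-suites value.
const (
	OK       = "ok"
	Sweet32  = "3des-sweet32" // 64-bit block cipher, the CVE-2016-2183 class
	Insecure = "insecure"     // listed by tls.InsecureCipherSuites()
	Unknown  = "unknown"      // not a Go crypto/tls suite name
)

// AuditCipherSuites classifies each name in a comma-separated flag value and
// reports whether the list is non-empty with every suite OK (empty = defaults).
func AuditCipherSuites(flagValue string) (map[string]string, bool) {
	known := map[string]string{}
	for _, s := range tls.CipherSuites() {
		known[s.Name] = OK
	}
	for _, s := range tls.InsecureCipherSuites() {
		known[s.Name] = Insecure
	}
	verdicts, hardened := map[string]string{}, true
	for _, name := range strings.Split(flagValue, ",") {
		name = strings.TrimSpace(name)
		if name == "" {
			continue
		}
		verdict, found := known[name]
		if !found {
			verdict = Unknown
		} else if strings.Contains(name, "3DES") {
			verdict = Sweet32
		}
		verdicts[name] = verdict
		hardened = hardened && verdict == OK
	}
	return verdicts, hardened && len(verdicts) > 0
}

func main() {
	// Constructed sample value, not the list from the PR.
	v, ok := AuditCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_3DES_EDE_CBC_SHA")
	fmt.Println(v, ok)
}
```

Which non-3DES suites count as insecure follows the Go toolchain's own list, so that part of the result can differ between Go releases.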

@ks-ci-bot ks-ci-bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Apr 17, 2023
@athlonreg
Contributor Author

For an introduction to this vulnerability, see https://segmentfault.com/a/1190000038486901

@pixiake
Collaborator

pixiake commented Jun 4, 2023

/cc @kubesphere/sig-observability

@ks-ci-bot
Collaborator

@pixiake: GitHub didn't allow me to request PR reviews from the following users: kubesphere/sig-observability.

Note that only kubesphere members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc @kubesphere/sig-observability

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@frezes
Member

frezes commented Jun 12, 2023

/lgtm

@ks-ci-bot
Collaborator

@frezes: changing LGTM is restricted to collaborators

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@benjaminhuo
Member

benjaminhuo commented Jun 12, 2023

@athlonreg Thanks, you can take a look at the upstream metric server charts to verify whether it needs to be fixed as well
https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server
/lgtm
/approve

@ks-ci-bot ks-ci-bot added the lgtm Indicates that a PR is ready to be merged. label Jun 12, 2023
@ks-ci-bot
Collaborator

LGTM label has been added.

Git tree hash: 748726add43f6b83830761d302ac80d4e4eb2dea

@ks-ci-bot
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: athlonreg, benjaminhuo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ks-ci-bot ks-ci-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 12, 2023
@ks-ci-bot ks-ci-bot merged commit fb3e3ec into kubesphere:master Jun 12, 2023
1 check passed