We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What happened?
It looks like grafana in the kube-prometheus-stack-grafana deployment has been built with a vulnerable version of the go-git/v5 library.
grafana
kube-prometheus-stack-grafana
go-git/v5
Specifically usr/share/grafana/bin/grafana (gobinary)
usr/share/grafana/bin/grafana (gobinary)
CVE-2023-49569 in github.com/go-git/go-git/v5 Severity: CRITICAL Resource: monitoring/Deployment/kube-prometheus-stack-grafana Installed Version: v5.4.2 Fixed Version: 5.11.0
Did you expect to see some different?
How to reproduce it (as minimally and precisely as possible):
❯ trivy image docker.io/grafana/grafana:10.2.2
Environment
N/A
Client Version: v1.29.0 Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3 Server Version: v1.28.4-eks-8cb36c9
EKS
NA
Anything else we need to know?:
The text was updated successfully, but these errors were encountered:
@mfreeman451 can we get this re-scanned. Robusta has been updated multiple times since this scan
Sorry, something went wrong.
No branches or pull requests
What happened?
It looks like
grafana
in thekube-prometheus-stack-grafana
deployment has been built with a vulnerable version of thego-git/v5
library.Specifically
usr/share/grafana/bin/grafana (gobinary)
Did you expect to see some different?
How to reproduce it (as minimally and precisely as possible):
Environment
N/A
Client Version: v1.29.0
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.28.4-eks-8cb36c9
EKS
NA
NA
NA
Anything else we need to know?:
The text was updated successfully, but these errors were encountered: