nats-io / k8s

NATS on Kubernetes with Helm Charts

Home Page: https://nats-io.github.io/k8s/


OpenSSL past due vulnerabilities detected in config-reloader and prometheus exporter images

pradeep-singari1 opened this issue

What version were you using?

OpenSSL past due vulnerabilities detected in config-reloader and prometheus exporter images

What environment was the server running in?

natsio/nats-server-config-reloader:0.14.1
natsio/prometheus-nats-exporter:0.14.0

Is this defect reproducible?

Yes, we have a vulnerability scanning tool which scans our k8s pods frequently, and it identified past-due vulnerabilities in our NATS config reloader and Prometheus exporter pods.

Given the capability you are leveraging, describe your expectation?

New NATS images should be released that contain fixes for the following CVEs:
Config reloader:
CVE-2023-6129 (openssl)
CVE-2023-6237 (openssl)
CVE-2024-0727 (openssl)

Prometheus exporter:
CVE-2023-6129 (openssl)
CVE-2023-6237 (openssl)
CVE-2024-0727 (openssl)
CVE-2023-5678 (openssl)
CVE-2023-5363 (openssl)

Given the expectation, what is the defect you are observing?

Past due vulnerabilities in config-reloader and prometheus exporter images