Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

k8s-gmsa-webhook - 0.40 - CVE-2022-29526 #84

Closed
ckrueger1979 opened this issue Aug 17, 2022 · 1 comment · Fixed by #85
Closed

k8s-gmsa-webhook - 0.40 - CVE-2022-29526 #84

ckrueger1979 opened this issue Aug 17, 2022 · 1 comment · Fixed by #85
Assignees
@marosset

Comments

@ckrueger1979
Copy link

Hi,

our habor scan of the image k8s-gmsa-webhook - 0.40 shows CVE-2022-29526

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

Can you please check this?

greetings
Carsten
@marosset
Copy link
Contributor

/assign

@marosset marosset mentioned this issue Aug 17, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marosset marosset

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Updating golang to v1.18 and deps marosset/windows-gmsa
2 participants
@marosset @ckrueger1979