Critical vulnerabilities in Capsule v0.3.2 #779

Closed
meetdpv opened this issue Jun 23, 2023 · 1 comment · Fixed by #780
meetdpv commented Jun 23, 2023

Bug description

Critical vulnerabilities found during Twistlock scan of Capsule 0.3.2 image

How to reproduce

Run a Twistlock scan on the Capsule image

Steps to reproduce the behavior:

Twistlock scan report attached for reference
[Attached image: capsule 0 3 2 scan]

Expected behavior

No critical vulnerabilities present. We want to take Capsule to higher environments in the next couple of weeks, so we need to get clearance from the Security team.

Logs

If applicable, please provide logs of capsule.

In a standard stand-alone installation of Capsule, you'd get this by running kubectl -n capsule-system logs deploy/capsule-controller-manager.

Additional context

  • Capsule version: (capsule --version) v0.3.2
  • Helm Chart version: (helm list -n capsule-system) v0.3.2
  • Kubernetes version: (kubectl version)

@meetdpv meetdpv added blocked-needs-validation Issue need triage and validation bug Something isn't working labels Jun 23, 2023
@prometherion prometherion self-assigned this Jun 23, 2023
@prometherion prometherion added go Pull requests that update Go code and removed blocked-needs-validation Issue need triage and validation labels Jun 23, 2023
@prometherion (Member) commented

These are inapplicable CVE reports since Capsule is built with CGO disabled and the reported issues are not affecting Capsule itself.

I'll bump anyway to snooze those alerts since Capsule is used by other organizations that are paying attention to Twistlock reports.
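
When triaging scanner findings like these, the build-setting claim in the comment above can be checked against the shipped binary itself. The following is an added example, not code from the Capsule project: it reads the build information the Go toolchain embeds in a binary and reports the recorded CGO_ENABLED setting. The function names are hypothetical and the binary path is supplied by the caller.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
)

// cgoVerdict (hypothetical helper) interprets the CGO_ENABLED build setting.
// present is false when the binary records no such setting, which is the case
// for binaries built with toolchains older than Go 1.18.
func cgoVerdict(value string, present bool) string {
	switch {
	case present && value == "0":
		return "disabled"
	case present && value == "1":
		return "enabled"
	default:
		return "unknown"
	}
}

// inspect reads the embedded build info of the Go binary at path and returns
// the toolchain version it was built with and the CGO verdict.
func inspect(path string) (goVersion, verdict string, err error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", "", fmt.Errorf("read build info from %s: %w", path, err)
	}
	value, present := "", false
	for _, s := range info.Settings {
		if s.Key == "CGO_ENABLED" {
			value, present = s.Value, true
		}
	}
	return info.GoVersion, cgoVerdict(value, present), nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: cgocheck <path-to-go-binary>")
		os.Exit(2)
	}
	goVersion, verdict, err := inspect(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("go toolchain: %s\ncgo: %s\n", goVersion, verdict)
}
```

An "unknown" verdict means the binary does not record the setting, so the claim has to be confirmed from the project's build configuration instead.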
