kots/1.112.1 package update #24105

Merged
merged 1 commit into from
Jul 17, 2024

@octo-sts octo-sts bot commented Jul 16, 2024

@octo-sts octo-sts bot added request-version-update request for a newer version of a package automated pr P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. labels Jul 16, 2024

Package kots:
Modified: /usr/bin/kots
Modified: /usr/bin/kotsadm

Package kots-symlink-compat:
Unchanged

bincapz found differences:

Moved: kots/var/lib/db/sbom/kots-1.112.0-r0.spdx.json -> /tmp/wolfictl-apk-3678799839/kots/var/lib/db/sbom/kots-1.112.1-r0.spdx.json (similarity: 0.99)

Changed: /tmp/wolfictl-apk-3678799839/kots-symlink-compat/var/lib/db/sbom/kots-symlink-compat-1.112.1-r0.spdx.json

Changed: /tmp/wolfictl-apk-3678799839/kots/usr/bin/kots

Changed: /tmp/wolfictl-apk-3678799839/kots/usr/bin/kotsadm

1 removed behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| -MEDIUM | security_controls/linux/ufw | interacts with the ufw firewall | `allow`, `deny`, `disable`, `enable`, `ufw` |


octo-sts bot commented Jul 16, 2024

bincapz detected files with a risk score equal or higher than 'CRITICAL':

/tmp/bincapz2915025190/packages/x86_64/kots-1.112.1-r0.apk/usr/bin/kots [🚨 CRITICAL]

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| HIGH | combo/dropper/shell | fetches content and pipes it to a shell | `[curl https://kots.io/install` |
| HIGH | combo/stealer/creds | suspected data stealer | `Atomic`, `Bitcoin`, `Bookmarks`, `Chrome`, `Chromium`, `Firefox`, `History`, `Snowflake` |
| CRITICAL | evasion/base64/php_functions | References multiple PHP functions in base64 form | `<?php::$php`, `BcnJhe::$f_Array`, `FycmF5::$f_Array`, `NvdW50::$f_count`, `QXJyYX::$f_Array`, `Y291bn::$f_count`, `ZXhlY::$f_exec`, `base64_decode`, `c3lzdGVt::$f_system`, `leGVj::$f_exec`, `zeXN0ZW::$f_system` |
| HIGH | evasion/rename_system_binary | Renames system binary | `cp /usr/bin/mc` |
| HIGH | ref/path/dev/shm | reference file within /dev/shm (world writeable) | `/dev/shm/aufs.xinovfs` |

/tmp/bincapz2915025190/packages/x86_64/kots-1.112.1-r0.apk/usr/bin/kotsadm [🚨 CRITICAL]

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| HIGH | combo/dropper/shell | fetches content and pipes it to a shell | `[curl https://krew.sh/preflight` |
| HIGH | combo/recon/upload_netinfo | Has a user agent and collects network info | `/proc/net/route`, `User-Agent` |
| HIGH | combo/stealer/creds | suspected data stealer | `Atomic`, `Bitcoin`, `Bookmarks`, `Chrome`, `Chromium`, `Firefox`, `History`, `Snowflake` |
| CRITICAL | evasion/base64/php_functions | References multiple PHP functions in base64 form | `<?php::$php`, `BcnJhe::$f_Array`, `FycmF5::$f_Array`, `NvdW50::$f_count`, `QXJyYX::$f_Array`, `Y291bn::$f_count`, `ZXhlY::$f_exec`, `base64_decode`, `c3lzdGVt::$f_system`, `leGVj::$f_exec`, `zeXN0ZW::$f_system` |
| HIGH | evasion/rename_system_binary | Renames system binary | `cp /usr/bin/mc` |
| HIGH | ref/path/dev/shm | reference file within /dev/shm (world writeable) | `/dev/shm/aufs.xinovfs` |

@hectorj2f hectorj2f merged commit ad94c69 into main Jul 17, 2024
8 checks passed
@hectorj2f hectorj2f deleted the wolfictl-93102b38-e352-4f64-8da5-6d67865243e5 branch July 17, 2024 18:56
Labels
automated pr P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. request-version-update request for a newer version of a package service:bincapz/blocking