OpenSSL past due vulnerabilities detected in config-reloader and prometheus exporter images #887
Labels
defect
Suspected defect such as a bug or regression
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What version were you using?
OpenSSL past due vulnerabilities detected in config-reloader and prometheus exporter images
What environment was the server running in?
natsio/nats-server-config-reloader:0.14.1
natsio/prometheus-nats-exporter:0.14.0
Is this defect reproducible?
Yes, we have Vulnerability scanning tool which scans our k8s pods frequently and it identified past due vulnerabilities in our NATS config reloader and prometheus exporter pods
Given the capability you are leveraging, describe your expectation?
New NATS images should be released that contain fixes to the following CVEs
Config reloader:
CVE-2023-6129 (openssl)
CVE-2023-6237 (openssl)
CVE-2024-0727 (openssl)
Prometheus exporter:
CVE-2023-6129 (openssl)
CVE-2023-6237 (openssl)
CVE-2024-0727 (openssl)
CVE-2023-5678 (openssl)
CVE-2023-5363 (openssl)
Given the expectation, what is the defect you are observing?
Past due vulnerabilities in config-reloader and prometheus exporter images
The text was updated successfully, but these errors were encountered: