apk package
chainguard/argocd-image-updater-fips
pkg:apk/chainguard/argocd-image-updater-fips
Vulnerabilities (64)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-0793 | High | 7.7 | | < 0.17.0-r2 | 0.17.0-r2 | Nov 17, 2024 | A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn. |
| CVE-2024-5321 | Med | 6.1 | | < 0.17.0-r2 | 0.17.0-r2 | Jul 18, 2024 | A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs. |
| CVE-2024-3177 | Low | 2.7 | | < 0.17.0-r2 | 0.17.0-r2 | Apr 22, 2024 | A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. T |
| CVE-2023-2253 | — | | | < 0.17.0-r2 | 0.17.0-r2 | Jun 6, 2023 | A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n`, causing the all |