apk package
chainguard/blob-csi-fips-1.25
pkg:apk/chainguard/blob-csi-fips-1.25
Vulnerabilities (43)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-22874 | Hig | 7.5 | < 1.25.8-r1 | 1.25.8-r1 | Jun 11, 2025 | Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. | |
| CVE-2025-1767 | Med | 6.5 | < 0 | 0 | Mar 13, 2025 | This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using t | |
| CVE-2025-22868 | — | < 1.25.5-r2 | 1.25.5-r2 | Feb 26, 2025 | An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. |
- affected < 1.25.8-r1fixed 1.25.8-r1
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
- affected < 0fixed 0
This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using t
- CVE-2025-22868Feb 26, 2025affected < 1.25.5-r2fixed 1.25.5-r2
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
Page 3 of 3