apk package

chainguard/kube-logging-logging-operator-3.17-compat

pkg:apk/chainguard/kube-logging-logging-operator-3.17-compat

Vulnerabilities (43)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-39325	—	< 3.17.11-r3	3.17.11-r3	Oct 11, 2023	A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack
CVE-2023-3978	—	< 3.17.11-r3	3.17.11-r3	Aug 2, 2023	Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
CVE-2020-8559	—	< 3.17.11-r21	3.17.11-r21	Jul 22, 2020	The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

CVE-2023-39325Oct 11, 2023
affected < 3.17.11-r3fixed 3.17.11-r3
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack
CVE-2023-3978Aug 2, 2023
affected < 3.17.11-r3fixed 3.17.11-r3
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
CVE-2020-8559Jul 22, 2020
affected < 3.17.11-r21fixed 3.17.11-r21
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Page 3 of 3