[Git][security-tracker-team/security-tracker][master] new kubernetes issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Mar 21 07:37:54 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0521571e by Moritz Muehlenhoff at 2025-03-21T08:37:35+01:00
new kubernetes issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -366,7 +366,11 @@ CVE-2024-7764 (Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficien
CVE-2024-7760 (aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSR ...)
NOT-FOR-US: aimhubio/aim
CVE-2024-7598 (A security issue was discovered in Kubernetes where a malicious or com ...)
- TODO: check
+ - kubernetes 1.20.5+really1.20.2-1
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
+ NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
+ NOTE: https://github.com/kubernetes/kubernetes/issues/126587
+ NOTE: https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc
CVE-2024-7476 (A broken access control vulnerability exists in lunary-ai/lunary versi ...)
NOT-FOR-US: lunary-ai/lunary
CVE-2024-7058 (A vulnerability in the sanitize_path function in parisneo/lollms-webui ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0521571ed4461a1edb3006ee961c604cb0b0094c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0521571ed4461a1edb3006ee961c604cb0b0094c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250321/c8dbc57a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list