Commit released Helm Chart and docs for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
parent
7965212497
commit
b8cf751c29
|
@ -1,6 +1,19 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="prometheus-1.1.68"></a>
|
||||
### [prometheus-1.1.68](https://github.com/truecharts/apps/compare/prometheus-1.1.67...prometheus-1.1.68) (2022-02-26)
|
||||
|
||||
#### Chore
|
||||
|
||||
* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
|
||||
|
||||
#### Fix
|
||||
|
||||
* don't export node-exporter on host
|
||||
|
||||
|
||||
|
||||
<a name="prometheus-1.1.67"></a>
|
||||
### [prometheus-1.1.67](https://github.com/truecharts/apps/compare/prometheus-1.1.66...prometheus-1.1.67) (2022-02-22)
|
||||
|
||||
|
|
|
@ -151,6 +151,7 @@ You will, however, be able to use all values referenced in the common chart here
|
|||
| kubelet.serviceMonitor.relabelings | list | `[]` | |
|
||||
| node-exporter.extraArgs."collector.filesystem.ignored-fs-types" | string | `"^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$"` | |
|
||||
| node-exporter.extraArgs."collector.filesystem.ignored-mount-points" | string | `"^/(dev|proc|sys|var/lib/docker/.+)($|/)"` | |
|
||||
| node-exporter.hostNetwork | bool | `false` | |
|
||||
| node-exporter.service.labels.jobLabel | string | `"node-exporter"` | |
|
||||
| node-exporter.serviceMonitor.enabled | bool | `true` | |
|
||||
| node-exporter.serviceMonitor.jobLabel | string | `"jobLabel"` | |
|
||||
|
|
|
@ -52,7 +52,6 @@ hide:
|
|||
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
|
||||
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container 'node-exporter' of DaemonSet 'RELEASE-NAME-node-exporter' should set 'securityContext.allowPrivilegeEscalation' to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'node-exporter' of DaemonSet 'RELEASE-NAME-node-exporter' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
| Kubernetes Security Check | KSV009 | Access to host network | HIGH | <details><summary>Expand...</summary> Sharing the host’s network namespace permits processes in the pod to communicate with processes bound to the host’s loopback adapter. <br> <hr> <br> DaemonSet 'RELEASE-NAME-node-exporter' should not set 'spec.template.spec.hostNetwork' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv009">https://avd.aquasec.com/appshield/ksv009</a><br></details> |
|
||||
| Kubernetes Security Check | KSV010 | Access to host PID | HIGH | <details><summary>Expand...</summary> Sharing the host’s PID namespace allows visibility on host processes, potentially leaking information such as environment variables and configuration. <br> <hr> <br> DaemonSet 'RELEASE-NAME-node-exporter' should not set 'spec.template.spec.hostPID' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv010">https://avd.aquasec.com/appshield/ksv010</a><br></details> |
|
||||
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container 'node-exporter' of DaemonSet 'RELEASE-NAME-node-exporter' should set 'resources.limits.cpu' </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
|
||||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'node-exporter' of DaemonSet 'RELEASE-NAME-node-exporter' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||||
|
@ -370,6 +369,8 @@ hide:
|
|||
| libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="http://seclists.org/fulldisclosure/2021/Feb/14">http://seclists.org/fulldisclosure/2021/Feb/14</a><br><a href="https://bugs.gentoo.org/717920">https://bugs.gentoo.org/717920</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838</a><br><a href="https://linux.oracle.com/cve/CVE-2019-20838.html">https://linux.oracle.com/cve/CVE-2019-20838.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4373.html">https://linux.oracle.com/errata/ELSA-2021-4373.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/kb/HT211931">https://support.apple.com/kb/HT211931</a><br><a href="https://support.apple.com/kb/HT212147">https://support.apple.com/kb/HT212147</a><br><a href="https://www.pcre.org/original/changelog.txt">https://www.pcre.org/original/changelog.txt</a><br></details> |
|
||||
| libsasl2-2 | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/02/23/4">http://www.openwall.com/lists/oss-security/2022/02/23/4</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst">https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0666.html">https://linux.oracle.com/errata/ELSA-2022-0666.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libsasl2-modules-db | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/02/23/4">http://www.openwall.com/lists/oss-security/2022/02/23/4</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst">https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0666.html">https://linux.oracle.com/errata/ELSA-2022-0666.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html</a><br><a href="http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html">http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html</a><br><a href="https://access.redhat.com/errata/RHSA-2019:3624">https://access.redhat.com/errata/RHSA-2019:3624</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893</a><br><a href="https://github.com/seccomp/libseccomp/issues/139">https://github.com/seccomp/libseccomp/issues/139</a><br><a href="https://linux.oracle.com/cve/CVE-2019-9893.html">https://linux.oracle.com/cve/CVE-2019-9893.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2019-3624.html">https://linux.oracle.com/errata/ELSA-2019-3624.html</a><br><a href="https://seclists.org/oss-sec/2019/q1/179">https://seclists.org/oss-sec/2019/q1/179</a><br><a href="https://security.gentoo.org/glsa/201904-18">https://security.gentoo.org/glsa/201904-18</a><br><a href="https://ubuntu.com/security/notices/USN-4001-1">https://ubuntu.com/security/notices/USN-4001-1</a><br><a href="https://ubuntu.com/security/notices/USN-4001-2">https://ubuntu.com/security/notices/USN-4001-2</a><br><a href="https://usn.ubuntu.com/4001-1/">https://usn.ubuntu.com/4001-1/</a><br><a href="https://usn.ubuntu.com/4001-2/">https://usn.ubuntu.com/4001-2/</a><br><a href="https://www.openwall.com/lists/oss-security/2019/03/15/1">https://www.openwall.com/lists/oss-security/2019/03/15/1</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36084 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084</a><br><a href="https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3">https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36084.html">https://linux.oracle.com/cve/CVE-2021-36084.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36085 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085</a><br><a href="https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba">https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36085.html">https://linux.oracle.com/cve/CVE-2021-36085.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
|
@ -560,6 +561,8 @@ hide:
|
|||
| libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="http://seclists.org/fulldisclosure/2021/Feb/14">http://seclists.org/fulldisclosure/2021/Feb/14</a><br><a href="https://bugs.gentoo.org/717920">https://bugs.gentoo.org/717920</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838</a><br><a href="https://linux.oracle.com/cve/CVE-2019-20838.html">https://linux.oracle.com/cve/CVE-2019-20838.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4373.html">https://linux.oracle.com/errata/ELSA-2021-4373.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/kb/HT211931">https://support.apple.com/kb/HT211931</a><br><a href="https://support.apple.com/kb/HT212147">https://support.apple.com/kb/HT212147</a><br><a href="https://www.pcre.org/original/changelog.txt">https://www.pcre.org/original/changelog.txt</a><br></details> |
|
||||
| libsasl2-2 | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/02/23/4">http://www.openwall.com/lists/oss-security/2022/02/23/4</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst">https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0666.html">https://linux.oracle.com/errata/ELSA-2022-0666.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libsasl2-modules-db | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/02/23/4">http://www.openwall.com/lists/oss-security/2022/02/23/4</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst">https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0666.html">https://linux.oracle.com/errata/ELSA-2022-0666.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html</a><br><a href="http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html">http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html</a><br><a href="https://access.redhat.com/errata/RHSA-2019:3624">https://access.redhat.com/errata/RHSA-2019:3624</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893</a><br><a href="https://github.com/seccomp/libseccomp/issues/139">https://github.com/seccomp/libseccomp/issues/139</a><br><a href="https://linux.oracle.com/cve/CVE-2019-9893.html">https://linux.oracle.com/cve/CVE-2019-9893.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2019-3624.html">https://linux.oracle.com/errata/ELSA-2019-3624.html</a><br><a href="https://seclists.org/oss-sec/2019/q1/179">https://seclists.org/oss-sec/2019/q1/179</a><br><a href="https://security.gentoo.org/glsa/201904-18">https://security.gentoo.org/glsa/201904-18</a><br><a href="https://ubuntu.com/security/notices/USN-4001-1">https://ubuntu.com/security/notices/USN-4001-1</a><br><a href="https://ubuntu.com/security/notices/USN-4001-2">https://ubuntu.com/security/notices/USN-4001-2</a><br><a href="https://usn.ubuntu.com/4001-1/">https://usn.ubuntu.com/4001-1/</a><br><a href="https://usn.ubuntu.com/4001-2/">https://usn.ubuntu.com/4001-2/</a><br><a href="https://www.openwall.com/lists/oss-security/2019/03/15/1">https://www.openwall.com/lists/oss-security/2019/03/15/1</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36084 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084</a><br><a href="https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3">https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36084.html">https://linux.oracle.com/cve/CVE-2021-36084.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36085 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085</a><br><a href="https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba">https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36085.html">https://linux.oracle.com/cve/CVE-2021-36085.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
|
@ -743,6 +746,8 @@ hide:
|
|||
| libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="http://seclists.org/fulldisclosure/2021/Feb/14">http://seclists.org/fulldisclosure/2021/Feb/14</a><br><a href="https://bugs.gentoo.org/717920">https://bugs.gentoo.org/717920</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838</a><br><a href="https://linux.oracle.com/cve/CVE-2019-20838.html">https://linux.oracle.com/cve/CVE-2019-20838.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4373.html">https://linux.oracle.com/errata/ELSA-2021-4373.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/kb/HT211931">https://support.apple.com/kb/HT211931</a><br><a href="https://support.apple.com/kb/HT212147">https://support.apple.com/kb/HT212147</a><br><a href="https://www.pcre.org/original/changelog.txt">https://www.pcre.org/original/changelog.txt</a><br></details> |
|
||||
| libsasl2-2 | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/02/23/4">http://www.openwall.com/lists/oss-security/2022/02/23/4</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst">https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0666.html">https://linux.oracle.com/errata/ELSA-2022-0666.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libsasl2-modules-db | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/02/23/4">http://www.openwall.com/lists/oss-security/2022/02/23/4</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst">https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0666.html">https://linux.oracle.com/errata/ELSA-2022-0666.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html</a><br><a href="http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html">http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html</a><br><a href="https://access.redhat.com/errata/RHSA-2019:3624">https://access.redhat.com/errata/RHSA-2019:3624</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893</a><br><a href="https://github.com/seccomp/libseccomp/issues/139">https://github.com/seccomp/libseccomp/issues/139</a><br><a href="https://linux.oracle.com/cve/CVE-2019-9893.html">https://linux.oracle.com/cve/CVE-2019-9893.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2019-3624.html">https://linux.oracle.com/errata/ELSA-2019-3624.html</a><br><a href="https://seclists.org/oss-sec/2019/q1/179">https://seclists.org/oss-sec/2019/q1/179</a><br><a href="https://security.gentoo.org/glsa/201904-18">https://security.gentoo.org/glsa/201904-18</a><br><a href="https://ubuntu.com/security/notices/USN-4001-1">https://ubuntu.com/security/notices/USN-4001-1</a><br><a href="https://ubuntu.com/security/notices/USN-4001-2">https://ubuntu.com/security/notices/USN-4001-2</a><br><a href="https://usn.ubuntu.com/4001-1/">https://usn.ubuntu.com/4001-1/</a><br><a href="https://usn.ubuntu.com/4001-2/">https://usn.ubuntu.com/4001-2/</a><br><a href="https://www.openwall.com/lists/oss-security/2019/03/15/1">https://www.openwall.com/lists/oss-security/2019/03/15/1</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36084 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084</a><br><a href="https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3">https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36084.html">https://linux.oracle.com/cve/CVE-2021-36084.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36085 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085</a><br><a href="https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba">https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36085.html">https://linux.oracle.com/cve/CVE-2021-36085.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
|
|
|
@ -1,6 +1,19 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="prometheus-1.1.68"></a>
|
||||
### [prometheus-1.1.68](https://github.com/truecharts/apps/compare/prometheus-1.1.67...prometheus-1.1.68) (2022-02-26)
|
||||
|
||||
#### Chore
|
||||
|
||||
* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
|
||||
|
||||
#### Fix
|
||||
|
||||
* don't export node-exporter on host
|
||||
|
||||
|
||||
|
||||
<a name="prometheus-1.1.67"></a>
|
||||
### [prometheus-1.1.67](https://github.com/truecharts/apps/compare/prometheus-1.1.66...prometheus-1.1.67) (2022-02-22)
|
||||
|
||||
|
|
|
@ -151,6 +151,7 @@ You will, however, be able to use all values referenced in the common chart here
|
|||
| kubelet.serviceMonitor.relabelings | list | `[]` | |
|
||||
| node-exporter.extraArgs."collector.filesystem.ignored-fs-types" | string | `"^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$"` | |
|
||||
| node-exporter.extraArgs."collector.filesystem.ignored-mount-points" | string | `"^/(dev|proc|sys|var/lib/docker/.+)($|/)"` | |
|
||||
| node-exporter.hostNetwork | bool | `false` | |
|
||||
| node-exporter.service.labels.jobLabel | string | `"node-exporter"` | |
|
||||
| node-exporter.serviceMonitor.enabled | bool | `true` | |
|
||||
| node-exporter.serviceMonitor.jobLabel | string | `"jobLabel"` | |
|
||||
|
|
|
@ -52,7 +52,6 @@ hide:
|
|||
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
|
||||
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container 'node-exporter' of DaemonSet 'RELEASE-NAME-node-exporter' should set 'securityContext.allowPrivilegeEscalation' to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'node-exporter' of DaemonSet 'RELEASE-NAME-node-exporter' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
| Kubernetes Security Check | KSV009 | Access to host network | HIGH | <details><summary>Expand...</summary> Sharing the host’s network namespace permits processes in the pod to communicate with processes bound to the host’s loopback adapter. <br> <hr> <br> DaemonSet 'RELEASE-NAME-node-exporter' should not set 'spec.template.spec.hostNetwork' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv009">https://avd.aquasec.com/appshield/ksv009</a><br></details> |
|
||||
| Kubernetes Security Check | KSV010 | Access to host PID | HIGH | <details><summary>Expand...</summary> Sharing the host’s PID namespace allows visibility on host processes, potentially leaking information such as environment variables and configuration. <br> <hr> <br> DaemonSet 'RELEASE-NAME-node-exporter' should not set 'spec.template.spec.hostPID' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv010">https://avd.aquasec.com/appshield/ksv010</a><br></details> |
|
||||
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container 'node-exporter' of DaemonSet 'RELEASE-NAME-node-exporter' should set 'resources.limits.cpu' </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
|
||||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'node-exporter' of DaemonSet 'RELEASE-NAME-node-exporter' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||||
|
@ -370,6 +369,8 @@ hide:
|
|||
| libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="http://seclists.org/fulldisclosure/2021/Feb/14">http://seclists.org/fulldisclosure/2021/Feb/14</a><br><a href="https://bugs.gentoo.org/717920">https://bugs.gentoo.org/717920</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838</a><br><a href="https://linux.oracle.com/cve/CVE-2019-20838.html">https://linux.oracle.com/cve/CVE-2019-20838.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4373.html">https://linux.oracle.com/errata/ELSA-2021-4373.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/kb/HT211931">https://support.apple.com/kb/HT211931</a><br><a href="https://support.apple.com/kb/HT212147">https://support.apple.com/kb/HT212147</a><br><a href="https://www.pcre.org/original/changelog.txt">https://www.pcre.org/original/changelog.txt</a><br></details> |
|
||||
| libsasl2-2 | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/02/23/4">http://www.openwall.com/lists/oss-security/2022/02/23/4</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst">https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0666.html">https://linux.oracle.com/errata/ELSA-2022-0666.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libsasl2-modules-db | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/02/23/4">http://www.openwall.com/lists/oss-security/2022/02/23/4</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst">https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0666.html">https://linux.oracle.com/errata/ELSA-2022-0666.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html</a><br><a href="http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html">http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html</a><br><a href="https://access.redhat.com/errata/RHSA-2019:3624">https://access.redhat.com/errata/RHSA-2019:3624</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893</a><br><a href="https://github.com/seccomp/libseccomp/issues/139">https://github.com/seccomp/libseccomp/issues/139</a><br><a href="https://linux.oracle.com/cve/CVE-2019-9893.html">https://linux.oracle.com/cve/CVE-2019-9893.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2019-3624.html">https://linux.oracle.com/errata/ELSA-2019-3624.html</a><br><a href="https://seclists.org/oss-sec/2019/q1/179">https://seclists.org/oss-sec/2019/q1/179</a><br><a href="https://security.gentoo.org/glsa/201904-18">https://security.gentoo.org/glsa/201904-18</a><br><a href="https://ubuntu.com/security/notices/USN-4001-1">https://ubuntu.com/security/notices/USN-4001-1</a><br><a href="https://ubuntu.com/security/notices/USN-4001-2">https://ubuntu.com/security/notices/USN-4001-2</a><br><a href="https://usn.ubuntu.com/4001-1/">https://usn.ubuntu.com/4001-1/</a><br><a href="https://usn.ubuntu.com/4001-2/">https://usn.ubuntu.com/4001-2/</a><br><a href="https://www.openwall.com/lists/oss-security/2019/03/15/1">https://www.openwall.com/lists/oss-security/2019/03/15/1</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36084 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084</a><br><a href="https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3">https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36084.html">https://linux.oracle.com/cve/CVE-2021-36084.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36085 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085</a><br><a href="https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba">https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36085.html">https://linux.oracle.com/cve/CVE-2021-36085.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
|
@ -560,6 +561,8 @@ hide:
|
|||
| libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="http://seclists.org/fulldisclosure/2021/Feb/14">http://seclists.org/fulldisclosure/2021/Feb/14</a><br><a href="https://bugs.gentoo.org/717920">https://bugs.gentoo.org/717920</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838</a><br><a href="https://linux.oracle.com/cve/CVE-2019-20838.html">https://linux.oracle.com/cve/CVE-2019-20838.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4373.html">https://linux.oracle.com/errata/ELSA-2021-4373.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/kb/HT211931">https://support.apple.com/kb/HT211931</a><br><a href="https://support.apple.com/kb/HT212147">https://support.apple.com/kb/HT212147</a><br><a href="https://www.pcre.org/original/changelog.txt">https://www.pcre.org/original/changelog.txt</a><br></details> |
|
||||
| libsasl2-2 | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/02/23/4">http://www.openwall.com/lists/oss-security/2022/02/23/4</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst">https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0666.html">https://linux.oracle.com/errata/ELSA-2022-0666.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libsasl2-modules-db | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/02/23/4">http://www.openwall.com/lists/oss-security/2022/02/23/4</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst">https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0666.html">https://linux.oracle.com/errata/ELSA-2022-0666.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html</a><br><a href="http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html">http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html</a><br><a href="https://access.redhat.com/errata/RHSA-2019:3624">https://access.redhat.com/errata/RHSA-2019:3624</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893</a><br><a href="https://github.com/seccomp/libseccomp/issues/139">https://github.com/seccomp/libseccomp/issues/139</a><br><a href="https://linux.oracle.com/cve/CVE-2019-9893.html">https://linux.oracle.com/cve/CVE-2019-9893.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2019-3624.html">https://linux.oracle.com/errata/ELSA-2019-3624.html</a><br><a href="https://seclists.org/oss-sec/2019/q1/179">https://seclists.org/oss-sec/2019/q1/179</a><br><a href="https://security.gentoo.org/glsa/201904-18">https://security.gentoo.org/glsa/201904-18</a><br><a href="https://ubuntu.com/security/notices/USN-4001-1">https://ubuntu.com/security/notices/USN-4001-1</a><br><a href="https://ubuntu.com/security/notices/USN-4001-2">https://ubuntu.com/security/notices/USN-4001-2</a><br><a href="https://usn.ubuntu.com/4001-1/">https://usn.ubuntu.com/4001-1/</a><br><a href="https://usn.ubuntu.com/4001-2/">https://usn.ubuntu.com/4001-2/</a><br><a href="https://www.openwall.com/lists/oss-security/2019/03/15/1">https://www.openwall.com/lists/oss-security/2019/03/15/1</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36084 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084</a><br><a href="https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3">https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36084.html">https://linux.oracle.com/cve/CVE-2021-36084.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36085 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085</a><br><a href="https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba">https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36085.html">https://linux.oracle.com/cve/CVE-2021-36085.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
|
@ -743,6 +746,8 @@ hide:
|
|||
| libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="http://seclists.org/fulldisclosure/2021/Feb/14">http://seclists.org/fulldisclosure/2021/Feb/14</a><br><a href="https://bugs.gentoo.org/717920">https://bugs.gentoo.org/717920</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838</a><br><a href="https://linux.oracle.com/cve/CVE-2019-20838.html">https://linux.oracle.com/cve/CVE-2019-20838.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4373.html">https://linux.oracle.com/errata/ELSA-2021-4373.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/kb/HT211931">https://support.apple.com/kb/HT211931</a><br><a href="https://support.apple.com/kb/HT212147">https://support.apple.com/kb/HT212147</a><br><a href="https://www.pcre.org/original/changelog.txt">https://www.pcre.org/original/changelog.txt</a><br></details> |
|
||||
| libsasl2-2 | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/02/23/4">http://www.openwall.com/lists/oss-security/2022/02/23/4</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst">https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0666.html">https://linux.oracle.com/errata/ELSA-2022-0666.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libsasl2-modules-db | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/02/23/4">http://www.openwall.com/lists/oss-security/2022/02/23/4</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst">https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0666.html">https://linux.oracle.com/errata/ELSA-2022-0666.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html</a><br><a href="http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html">http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html</a><br><a href="https://access.redhat.com/errata/RHSA-2019:3624">https://access.redhat.com/errata/RHSA-2019:3624</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893</a><br><a href="https://github.com/seccomp/libseccomp/issues/139">https://github.com/seccomp/libseccomp/issues/139</a><br><a href="https://linux.oracle.com/cve/CVE-2019-9893.html">https://linux.oracle.com/cve/CVE-2019-9893.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2019-3624.html">https://linux.oracle.com/errata/ELSA-2019-3624.html</a><br><a href="https://seclists.org/oss-sec/2019/q1/179">https://seclists.org/oss-sec/2019/q1/179</a><br><a href="https://security.gentoo.org/glsa/201904-18">https://security.gentoo.org/glsa/201904-18</a><br><a href="https://ubuntu.com/security/notices/USN-4001-1">https://ubuntu.com/security/notices/USN-4001-1</a><br><a href="https://ubuntu.com/security/notices/USN-4001-2">https://ubuntu.com/security/notices/USN-4001-2</a><br><a href="https://usn.ubuntu.com/4001-1/">https://usn.ubuntu.com/4001-1/</a><br><a href="https://usn.ubuntu.com/4001-2/">https://usn.ubuntu.com/4001-2/</a><br><a href="https://www.openwall.com/lists/oss-security/2019/03/15/1">https://www.openwall.com/lists/oss-security/2019/03/15/1</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36084 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084</a><br><a href="https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3">https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36084.html">https://linux.oracle.com/cve/CVE-2021-36084.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36085 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085</a><br><a href="https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba">https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36085.html">https://linux.oracle.com/cve/CVE-2021-36085.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
|
|
|
@ -45113,6 +45113,48 @@ entries:
|
|||
- https://github.com/truecharts/apps/releases/download/promcord-2.0.0/promcord-2.0.0.tgz
|
||||
version: 2.0.0
|
||||
prometheus:
|
||||
- annotations:
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/catagories: |
|
||||
- metrics
|
||||
truecharts.org/grade: U
|
||||
apiVersion: v2
|
||||
appVersion: 0.54.0
|
||||
created: "2022-02-26T00:14:06.44075251Z"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.16.0
|
||||
- condition: exporters.enabled,exporters.node-exporter.enabled
|
||||
name: node-exporter
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
version: 2.4.3
|
||||
- condition: exporters.enabled,exporters.kube-state-metrics.enabled
|
||||
name: kube-state-metrics
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
version: 2.2.8
|
||||
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
|
||||
and Prometheus rules combined with documentation and scripts to provide easy
|
||||
to operate end-to-end Kubernetes cluster monitoring with Prometheus using the
|
||||
Prometheus Operator.
|
||||
digest: 2d3e5de32eb07886f5193633756237510826503c24ff61f4bc2d3e1c9c750e48
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/stable/prometheus
|
||||
icon: https://truecharts.org/_static/img/appicons/prometheus-icon.png
|
||||
keywords:
|
||||
- metrics
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: prometheus
|
||||
sources:
|
||||
- https://github.com/prometheus-community/helm-charts
|
||||
- https://github.com/prometheus-operator/kube-prometheus
|
||||
type: application
|
||||
urls:
|
||||
- https://github.com/truecharts/apps/releases/download/prometheus-1.1.68/prometheus-1.1.68.tgz
|
||||
version: 1.1.68
|
||||
- annotations:
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/catagories: |
|
||||
|
@ -64748,4 +64790,4 @@ entries:
|
|||
urls:
|
||||
- https://github.com/truecharts/apps/releases/download/zwavejs2mqtt-9.0.24/zwavejs2mqtt-9.0.24.tgz
|
||||
version: 9.0.24
|
||||
generated: "2022-02-25T15:12:50.377998638Z"
|
||||
generated: "2022-02-26T00:14:06.448022426Z"
|
||||
|
|
Loading…
Reference in New Issue