Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2022-3172 and CVE-2021-25740 #10006

Closed
2 of 3 tasks
tooptoop4 opened this issue Nov 9, 2022 · 1 comment · Fixed by #10008
Closed
2 of 3 tasks

CVE-2022-3172 and CVE-2021-25740 #10006

tooptoop4 opened this issue Nov 9, 2022 · 1 comment · Fixed by #10008
Labels
type/dependencies PRs and issues specific to updating dependencies type/security Security related

Comments

@tooptoop4
Copy link
Contributor

Pre-requisites

  • I have double-checked my configuration
  • I can confirm the issues exists when I tested with :latest
  • I'd like to contribute the fix myself (see contributing guide)

What happened/what you expected to happen?

/bin/kubectl is
kubernetes 1.22.3 (

argo-workflows/Dockerfile

Line 52 in bc01003

RUN curl -o /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.22.3/bin/$(os.sh)/$(arch.sh)/kubectl && \
)

needs to be
kubernetes 1.22.14

Version

latest

Paste a small workflow that reproduces the issue. We must be able to run the workflow; don't enter a workflows that uses private images.

n/a

Logs from the workflow controller

kubectl logs -n argo deploy/workflow-controller | grep ${workflow}

Logs from in your workflow's wait container

kubectl logs -n argo -c wait -l workflows.argoproj.io/workflow=${workflow},workflow.argoproj.io/phase!=Succeeded
@terrytangyuan terrytangyuan mentioned this issue Nov 10, 2022
Merged
@terrytangyuan
Copy link
Member

Thanks. Fixing in #10008.

@agilgur5 agilgur5 added type/security Security related type/dependencies PRs and issues specific to updating dependencies go Pull requests that update Go dependencies and removed type/bug go Pull requests that update Go dependencies labels Oct 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/dependencies PRs and issues specific to updating dependencies type/security Security related
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Upgrade kubectl to v1.24.8 to fix vulnerabilities terrytangyuan/argo-workflows
3 participants
@terrytangyuan @agilgur5 @tooptoop4