
[Bug]: CVE-2022-1271 and CVE-2024-3596 Vulnerabilities detected in the latest image version #2778

Open
Nikhil1203 opened this issue Jan 9, 2025 · 0 comments
Labels
bug Something isn't working

Comments

@Nikhil1203

What happened?

Image with High Severity CVE: CVE-2022-1271
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
Operating System: CentOS Stream release 9
Asset Tertiary Identifier: sha256:87c3a239c2ed89773cb45a3ba29c6f6a57ea1d71c79e82ec18e44d18fbb0b812
CVE:
CVE-2022-1271
CVE-2024-3596
Image Name: docker.io/jaegertracing/jaeger-operator:1.62.0
Labels: org.label-schema.license:GPLv2,org.label-schema.name:CentOS Stream 9 Base Image,org.label-schema.schema-version:1.0,org.label-schema.vendor:CentOS,io.buildah.version:1.33.8,org.label-schema.build-date:20241008
PackageName: xz
PackageVersion: 5.2.5-8.el9
Image Name: docker.io/jaegertracing/jaeger-operator:1.62.0
Labels: org.label-schema.license:GPLv2,org.label-schema.name:CentOS Stream 9 Base Image,org.label-schema.schema-version:1.0,org.label-schema.vendor:CentOS,io.buildah.version:1.33.8,org.label-schema.build-date:20241008
PackageName: krb5
PackageVersion: 1.21.1-3.el9

Steps to reproduce

kubectl apply -f https://github.com/jaegertracing/jaeger-operator/releases/download/v1.62.0/jaeger-operator.yaml -n
## Apply simple-jaeger.yaml
kubectl apply -f simple-jaeger.yaml -n

Expected behavior

Vulnerabilities are reported in the scans.

Relevant log output

Screenshot

No response

Additional context

No response

Jaeger backend version

1.62

SDK

No response

Pipeline

No response

Storage backend

No response

Operating system

No response

Deployment model

Docker

Deployment configs

@Nikhil1203 Nikhil1203 added the bug Something isn't working label Jan 9, 2025