CVE-2024-45338 #1003

snailshadow · 2025-01-14T10:38:10Z

Describe the bug
A clear and concise description of what the bug is.

I found a high level CVE in the latest version 0.9.1, please help to fix it

To Reproduce
Steps to reproduce the behavior:

Deploy application with the following yaml file with the following VSO custom resources.
Any custom resources used for your secrets.
...
See error (vault-secrets-operator logs, application logs, etc.)

Application deployment:

# Paste your application deployment yaml and custom resources here.
# Be sure to scrub any sensitive values!

Other useful info to include: kubectl describe deployment <app> and kubectl describe <vso-custom-resource> <app> output.

Expected behavior
A clear and concise description of what you expected to happen.

Environment

Kubernetes version:
- Distribution or cloud vendor (OpenShift, EKS, GKE, AKS, etc.):
- Other configuration options or runtime services (istio, etc.):
vault-secrets-operator version:

Additional context
Add any other context about the problem here.

The text was updated successfully, but these errors were encountered:

heatherezell · 2025-01-14T22:35:23Z

Hello! We request that folks email [email protected] for concerns with CVEs, etc. Thanks for your understanding.

snailshadow added the bug Something isn't working label Jan 14, 2025

heatherezell closed this as completed Jan 14, 2025

Provide feedback