ALT-PU-2024-12873-2

Package update k8s-trivy-node-collector in branch c10f2

Version0.3.1-alt1

Published2024-09-19

Max severityCRITICAL

Severity:

Closed issues (2)

MEDIUM6.2

Уязвимость компонента net-netip языка программирования Golang, связанная с неправильным контролем доступа, позволяющая нарушителю обойти существующую политику ограничения доступа

Published: 2024-06-13Modified: 2024-12-05

CVSS 3.xMEDIUM 6.2

CVSS:3.x/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

CVSS 2.0MEDIUM 5.2

CVSS:2.0/AV:L/AC:H/Au:N/C:P/I:C/A:P

References

CVE-2024-24790

CRITICAL9.8

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

Published: 2024-06-05Modified: 2024-11-21

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References