Update kube-rbac-proxy to v0.14.0 or later and address CVE-2023-44487 in the manager container for summerwind/actions-runner-controller:v0.27.0 #3822
Unanswered
SiddharamAlagi
asked this question in
Questions
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello,
We are currently using the summerwind/actions-runner-controller:v0.27.0 image in our environment, which includes two containers:
kube-rbac-proxy: Image version v0.13.1 (vulnerable to CVE-2023-44487).
manager: Part of the controller, also flagged for CVE-2023-44487.
Issue Details
The kube-rbac-proxy container needs to be updated to version v0.14.0 or later to resolve the CVE-2023-44487 vulnerability.
The latest Helm chart still uses the vulnerable v0.13.1 image for this container.
The manager container in the image is also impacted by the same vulnerability. Guidance or an updated image is required to address this issue.
Request:
Update the Helm chart to use kube-rbac-proxy:v0.14.0 or a later version.
Provide a resolution for the manager container vulnerability in the summerwind/actions-runner-controller image.
References:
CVE-2023-44487 details: Link to CVE-2023-44487 Details
Current image: summerwind/actions-runner-controller:v0.27.0
Environment:
Helm Chart Version: 0.22.0
Controller Image: summerwind/actions-runner-controller
.27.0
kube-rbac-proxy Version: v0.13.1
Affected Container: kube-rbac-proxy and manager
Thank you for addressing this issue. Please let us know if additional information or testing assistance is needed.
Beta Was this translation helpful? Give feedback.
All reactions