Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE-2024-35255 - github.com/Azure/azure-sdk-for-go/sdk/azidentity #13334

Open
1 task
rgoltz opened this issue Jun 26, 2024 · 0 comments
Open
1 task

Fix CVE-2024-35255 - github.com/Azure/azure-sdk-for-go/sdk/azidentity #13334

rgoltz opened this issue Jun 26, 2024 · 0 comments

Comments

@rgoltz
Copy link

rgoltz commented Jun 26, 2024

Is your feature request related to a problem? Please describe.
The current grafana loki docker image seems to be affected by Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability. It's tested with Loki version main-4eb45cc branch main revision 4eb45cc

Describe the solution you'd like

  • Upgrade azidentity to v1.6.0 or above

Details from Image-Scan
Vulnerability ID https://nvd.nist.gov/vuln/detail/CVE-2024-35255
GitHub Advisory GHSA-m5vv-6r4h-3vj9
CWE https://cwe.mitre.org/data/definitions/362.html
Severity Medium
Fix available Yes
Installed version v1.5.2
Fix available v1.6.0
Package Manager GOBINARY
File paths usr/bin/loki
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rgoltz