110 matches found
apko Exposure of HTTP basic auth credentials in log output
Summary: Exposure of HTTP basic auth credentials from repository and keyring URLs in log output. Details: There were a handful of instances where the apko tool was outputting error messages and log entries where HTTP basic authentication credentials were exposed for one of two reasons: 1. The %s verb...
SUSE CVE-2024-36127
apko is an apk-based OCI image builder. apko exposes HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5...
CVE-2024-36127
apko is an apk-based OCI image builder. apko exposes HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5...
CVE-2024-36127 apko Exposure of HTTP basic auth credentials in log output
apko is an apk-based OCI image builder. apko exposes HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5...
CVE-2024-36127
creationtimestamp | type | source
---|---|---
2024-06-03 13:18:53+00:00 | published-proof-of-concept | https://github.com/chainguard-dev/apko/security/advisories/GHSA-v6mg-7f7p-qmqp...
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: tkn, vexctl, zot, chainctl, apko, zarf, flux-source-controller, neuvector-sigstore-interface, skaffold, tekton-chains, kubescape, tekton-chains-fips, aactl, spire-server, melange, gitsign, spire-server-fips, wolfictl, falcoctl, falco, ko-fips, policy-controller, ko,...
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: melange, tekton-chains, vexctl, policy-controller, kubescape, zarf, zot, flux-source-controller, ko, falco, slsa-verifier, falcoctl, wolfictl, aactl, tkn, skaffold, gitsign, spire-server, apko, neuvector-sigstore-interface, goreleaser...
GHSA-88JX-383Q-W4QC vulnerabilities
Vulnerabilities for packages: melange, tekton-chains, vexctl, policy-controller, kubescape, zarf, zot, flux-source-controller, ko, falco, slsa-verifier, falcoctl, wolfictl, aactl, tkn, skaffold, gitsign, spire-server, apko, neuvector-sigstore-interface, goreleaser...
CVE-2024-29903 vulnerabilities
Vulnerabilities for packages: melange, tekton-chains, vexctl, policy-controller, kubescape, zarf, zot, flux-source-controller, ko, falco, slsa-verifier, falcoctl, wolfictl, aactl, tkn, skaffold, gitsign, spire-server, apko, neuvector-sigstore-interface, goreleaser...
CVE-2024-29903 vulnerabilities
Vulnerabilities for packages: tkn, vexctl, zot, chainctl, apko, zarf, flux-source-controller, neuvector-sigstore-interface, skaffold, tekton-chains, kubescape, tekton-chains-fips, aactl, spire-server, melange, gitsign, spire-server-fips, wolfictl, falcoctl, falco, ko-fips, policy-controller, ko,...
CVE-2024-29902 vulnerabilities
Vulnerabilities for packages: tkn, vexctl, zot, chainctl, apko, zarf, flux-source-controller, neuvector-sigstore-interface, skaffold, tekton-chains, kubescape, tekton-chains-fips, aactl, spire-server, melange, gitsign, spire-server-fips, wolfictl, falcoctl, falco, ko-fips, policy-controller, ko,...
CVE-2024-29902 vulnerabilities
Vulnerabilities for packages: melange, tekton-chains, vexctl, policy-controller, kubescape, zarf, zot, flux-source-controller, ko, falco, slsa-verifier, falcoctl, wolfictl, aactl, tkn, skaffold, gitsign, spire-server, apko, neuvector-sigstore-interface, goreleaser...
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: flux-notification-controller, sops, tkn, vexctl, pulumi-language-dotnet, syft, flux-image-automation-controller, gomplate, crossplane-provider-aws-iam, actions-runner-controller, crossplane-provider-aws-sqs, crossplane-provider-aws-ec2, pulumi, zot, opentofu,...
GHSA-VFP6-JRW2-99G9 vulnerabilities
Vulnerabilities for packages: kubescape, tkn, aactl, policy-controller, ko, spire-server, cosign, slsa-verifier, melange, spire-server-fips, flux-source-controller, skaffold, falco, falcoctl-fips, apko, tekton-chains...
GHSA-VFP6-JRW2-99G9 vulnerabilities
Vulnerabilities for packages: ko, policy-controller, melange, falco, kubescape, skaffold, tkn, spire-server, slsa-verifier, cosign, apko, flux-source-controller, tekton-chains, aactl...
CVE-2023-46737 vulnerabilities
Vulnerabilities for packages: kubescape, tkn, aactl, policy-controller, ko, spire-server, cosign, slsa-verifier, melange, spire-server-fips, flux-source-controller, skaffold, falco, falcoctl-fips, apko, tekton-chains...
CVE-2023-46737 vulnerabilities
Vulnerabilities for packages: ko, policy-controller, melange, falco, kubescape, skaffold, tkn, spire-server, slsa-verifier, cosign, apko, flux-source-controller, tekton-chains, aactl...
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: flux-notification-controller, k3s, kube-logging-operator, kubernetes-ingress-defaultbackend, gomplate, dive, kube-state-metrics-fips, haproxy-ingress, terraform, kube-fluentd-operator, weaviate, aws-load-balancer-controller-fips, kubernetes-csi-external-provisioner,...
CVE-2023-30551 vulnerabilities
Vulnerabilities for packages: aactl, apko, ko...