57 matches found
Moderate: Red Hat Security Advisory: Red Hat OpenShift Developer Tools - Source-to-Image 1.6.2
Red Hat OpenShift Developer Tools - Source-to-Image 1.6.2 Red Hat OpenShift Developer Tools - Source-to-Image 1.6.2 release...
RHCOS 3 : OpenShift Container Platform 3.7 (RHSA-2018:1231)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1231 advisory. - source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102) Note that Nessus has not tested fo...
RHCOS 3 : OpenShift Container Platform 3.6 (RHSA-2018:1233)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1233 advisory. - source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102) Note that Nessus has not tested fo...
Important: Red Hat Security Advisory: OpenShift Source To Image 1.6.0
OpenShift Source To Image 1.6.0 Release Release of OpenShift Source To Image 1.6.0...
[SECURITY] Fedora 42 Update: source-to-image-1.5.1-1.fc42
Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. S2I produces ready-to-run images by injecting source code into a container image and letting the container prepare that source code for execution. By creating self-assembling builder images,...
[SECURITY] Fedora 43 Update: source-to-image-1.5.1-1.fc43
Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. S2I produces ready-to-run images by injecting source code into a container image and letting the container prepare that source code for execution. By creating self-assembling builder images,...
Fedora: Security Advisory (FEDORA-2025-dc3c993169)
The remote host is missing an update for the...
Fedora 42 : source-to-image (2025-96f340d7a0)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-96f340d7a0 advisory. Update to 1.5.1, migrate to Go Vendor Tools. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Developer Tools - Source-to-Image 1.5.2
Red Hat OpenShift Developer Tools - Source-to-Image 1.5.2 release Red Hat OpenShift Developer Tools - Source-to-Image 1.5.2...
RHEL 7 : source-to-image (RHSA-2019:0036)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:0036 advisory. Source-to-Image (S2I) is a tool for building reproducible container images. It produces ready-to-run images by injecting a user source into a container...
Arbitrary File Write
github.com/openshift/source-to-image is vulnerable to Arbitrary File Write. The vulnerability exists due to the improper input validation in tar.go, which allows an attacker to overwrite files outside of the working directory via a Zip Slip...
GHSA-W55J-F7VX-6Q37 Openshift Enterprise source-to-image vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip)
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command. Specific Go Packages...
Fedora: Security Advisory for source-to-image (FEDORA-2022-5038c3236c)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: source-to-image-1.3.1-5.fc36
Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. S2I produces ready-to-run images by injecting source code into a container image and letting the container prepare that source code for execution. By creating self-assembling builder images,...
Fedora: Security Advisory for source-to-image (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the...
[SECURITY] Fedora 35 Update: source-to-image-1.3.1-4.fc35
Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. S2I produces ready-to-run images by injecting source code into a container image and letting the container prepare that source code for execution. By creating self-assembling builder images,...
Fedora: Security Advisory for source-to-image (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: source-to-image-1.3.1-4.fc36
Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. S2I produces ready-to-run images by injecting source code into a container image and letting the container prepare that source code for execution. By creating self-assembling builder images,...
Privilege Escalation
Openshift Container Platform is vulnerable to privilege escalation. A remote authenticated attacker could exploit the flawed source-to-image component to open network connections, and possibly other actions, on the host which are normally only available to a root user...
Important: Red Hat Security Advisory: source-to-image security, bug fix, and enhancement update
An update for source-to-image is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...