
Fix CVE-2024-35255 - github.com/Azure/azure-sdk-for-go/sdk/azidentity

Open rgoltz opened this issue 1 year ago • 0 comments

Is your feature request related to a problem? Please describe.

The current Grafana Loki Docker image seems to be affected by the Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability. It's tested with Loki version main-4eb45cc, branch main, revision 4eb45cc58.

Describe the solution you'd like

  • [ ] Upgrade azidentity to v1.6.0 or above

Details from Image-Scan

Vulnerability ID: https://nvd.nist.gov/vuln/detail/CVE-2024-35255
GitHub Advisory: https://github.com/advisories/GHSA-m5vv-6r4h-3vj9
CWE: https://cwe.mitre.org/data/definitions/362.html
Severity: Medium
Fix available: Yes
Installed version: v1.5.2
Fix available: v1.6.0
Package Manager: GOBINARY
File paths: usr/bin/loki

rgoltz, Jun 26 '24 19:06
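
One way to confirm the requested upgrade actually reached the shipped binary, as an added example that is not part of the original issue or the Loki project: it parses `go version -m` output for the module named above and compares the embedded version with v1.6.0. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Module path and fixed version are the ones named in the issue above.
MODULE='github.com/Azure/azure-sdk-for-go/sdk/azidentity'
FIXED='v1.6.0'

# Reads `go version -m <binary>` output on stdin; prints the embedded
# version of MODULE, or nothing when the module is not linked in.
embedded_version() {
    awk -F'\t' -v m="$MODULE" '$2 == "dep" && $3 == m { print $4; exit }'
}

# Exit 0 when version $1 >= FIXED, 1 otherwise. A pre-release of the fixed
# version (v1.6.0-beta.1) sorts below the release, as in semver.
is_fixed() {
    awk -v have="$1" -v want="$FIXED" 'BEGIN {
        sub(/^v/, "", have); sub(/^v/, "", want)
        pre = (have ~ /-/)
        sub(/[-+].*$/, "", have)
        split(have, h, "."); split(want, w, ".")
        for (i = 1; i <= 3; i++) {
            if (h[i] + 0 > w[i] + 0) exit 0
            if (h[i] + 0 < w[i] + 0) exit 1
        }
        exit pre
    }'
}

# Exit status: 0 = fixed, 1 = older version embedded, 2 = module absent.
check_azidentity() {
    ver=$(embedded_version)
    if [ -z "$ver" ]; then echo "azidentity not linked"; return 2; fi
    if is_fixed "$ver"; then echo "ok: azidentity $ver"; return 0; fi
    echo "needs upgrade: azidentity $ver is older than $FIXED"
    return 1
}

# Constructed sample of `go version -m` output for offline use; the Go
# toolchain version and the h1: hash are placeholders. $1 = dep version.
sample_output() {
    printf '%s\n' 'usr/bin/loki: go1.22.0'
    printf '\tdep\t%s\t%s\th1:PLACEHOLDER=\n' "$MODULE" "$1"
}

# Real use (assumes the Go toolchain is installed where the check runs):
#   go version -m /usr/bin/loki | check_azidentity
```

The non-zero exit codes let the check gate an image build, so a rebuild that still links v1.5.2 fails before the image is published.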