A security vulnerability may cause the whole cluster to be hijacked

Open kaaass opened this issue 1 year ago • 3 comments

Hi community! I found a vulnerability in kured and reported it privately, in accordance with the security policy, one week ago. I tried to send an email to the security mailing list, but I haven't received any response so far. I am not trying to rush anyone; I just wanted to ask whether I have been unsuccessful in getting in touch with the maintainer (e.g. maybe the email was recognized as spam). I apologize if this issue has caused any trouble.

kaaass Jul 04 '24 07:07

Hi @kaaass, we discussed your report internally last week, but due to the holiday season we were not able to answer your mail. We apologize. We already discussed a possible solution and will implement this in the next weeks. Thanks again for your report, we appreciate that!

ckotzbauer Jul 08 '24 10:07

@ckotzbauer Thank you for the reply and the confirmation! May I ask if kured plans to disclose this vulnerability? For example, assigning a CVE. Vulnerability disclosure often helps users update to the latest version to reduce risk.

kaaass Jul 08 '24 12:07

Sure, we will discuss this!

ckotzbauer Jul 08 '24 12:07

This issue was automatically considered stale due to lack of activity. Please update it and/or join our slack channels to promote it, before it automatically closes (in 7 days).

github-actions[bot] Sep 07 '24 01:09