Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update prometheus to chainguard for CVE-2024-41110 #3625

Merged
merged 1 commit into from
Aug 30, 2024
Merged

update prometheus to chainguard for CVE-2024-41110 #3625

merged 1 commit into from
Aug 30, 2024
+9 −9

Conversation

cliffcolvin
Copy link
Member

@cliffcolvin cliffcolvin commented Aug 30, 2024
edited
Loading

Signed-off-by: Cliff Colvin [email protected]

What does this PR change?

Update prom reference to point to chainguard latest, fixes CVE-2024-41110

Vulnerability Comparison Report

Image 1: quay.io/prometheus/prometheus:v2.53.1

Total vulnerabilities: 4

Severity Count
Critical 1
High 0
Medium 2
Low 1

Image 2: cgr.dev/chainguard/prometheus

Total vulnerabilities: 0

Severity Count
Critical 0
High 0
Medium 0
Low 0

Added Vulnerabilities

none

Removed Vulnerabilities

CRITICAL

Vulnerability ID
CVE-2024-41110

LOW

Vulnerability ID
GHSA-xr7q-jx4m-x55m

MEDIUM

Vulnerability ID
CVE-2024-35255
CVE-2024-6104

Does this PR rely on any other PRs?

NA

How does this PR impact users? (This is the kind of thing that goes in release notes!)

NA

Links to Issues or tickets this PR addresses or fixes

What risks are associated with merging this PR? What is required to fully test this PR?

How was this PR tested?

Locally

Have you made an update to documentation? If so, please provide the corresponding PR.

NA

@cliffcolvin cliffcolvin merged commit cf87659 into develop Aug 30, 2024
19 checks passed
@cliffcolvin cliffcolvin deleted the fix-prom-CVE-2024-41110 branch August 30, 2024 20:50
@cliffcolvin
Copy link
Member Author

/cherry-pick v2.4

gcp-cherry-pick-bot bot pushed a commit that referenced this pull request Sep 4, 2024
@cliffcolvin
Merge pull request #3625 from kubecost/fix-prom-CVE-2024-41110
6dbac07 
update prometheus to chainguard for CVE-2024-41110
@gcp-cherry-pick-bot gcp-cherry-pick-bot bot mentioned this pull request Sep 4, 2024
Merged
cliffcolvin added a commit that referenced this pull request Sep 4, 2024
@cliffcolvin
Merge pull request #3625 from kubecost/fix-prom-CVE-2024-41110
0f57e2d 
update prometheus to chainguard for CVE-2024-41110
cliffcolvin added a commit that referenced this pull request Sep 4, 2024
@cliffcolvin
Merge pull request #3634 from kubecost/cherry-pick-5af713-v2.4
f959466 
update prometheus to chainguard for CVE-2024-41110 (cherry-pick #3625)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jessegoodier jessegoodier jessegoodier approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cliffcolvin @jessegoodier