Azure/kubelogin

kubelogin is vulnerable to CVE-2023-39323

Abdulthetechguy opened this issue · 2 comments

Our image scanner (twistcli) picked this vulnerability up due to the version of the Go package being used (version 1.19.10). The issue is fixed in versions 1.21.2, 1.20.9. Can this be changed, as it is stopping us from adding kubelogin to our build agents due to the vulnerability?


bcho commented

Hi @Abdulthetechguy, thanks for reporting this issue. Can you let me know what kubelogin version you are using in this check?

bcho commented

nvm, I found the latest published version is built with 1.19.10:

```
kubelogin version
git hash: v0.0.33/441bb556e8486866aa809e9c2b82397f8a01f364
Go version: go1.19.10
Build time: 2023-10-26T15:51:09Z
Platform: darwin/arm64
```
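Added example, not part of the thread or the kubelogin project: a build-agent gate that reads the Go toolchain version from version output like the one above and classifies it against the fixed releases named in the issue (1.20.9, 1.21.2). The function names and the fixed/flagged/unknown labels are hypothetical, and it assumes release lines after 1.21 carry the fix while lines before 1.20 have no fixed release.

```shell
#!/bin/sh
# Constructed sample: the version output pasted in the comment above.
SAMPLE_OUTPUT='kubelogin version
git hash: v0.0.33/441bb556e8486866aa809e9c2b82397f8a01f364
Go version: go1.19.10
Build time: 2023-10-26T15:51:09Z
Platform: darwin/arm64'

# Pull "1.19.10" out of the "Go version: go1.19.10" line (empty if absent).
go_version_from_output() {
    printf '%s\n' "$1" | sed -n 's/^Go version: go\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Classify a Go toolchain version against the fixed releases named in the
# issue (1.20.9 and 1.21.2). Prints fixed, flagged or unknown.
# Assumptions: release lines after 1.21 carry the fix; lines before 1.20
# have no fixed release and stay flagged.
cve_2023_39323_status() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|*..*|.*|*.) echo unknown; return 0 ;;
        *.*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *) patch=0 ;;
    esac
    if [ "$major" -ne 1 ]; then
        echo unknown
    elif [ "$minor" -ge 22 ]; then
        echo fixed
    elif [ "$minor" -eq 21 ] && [ "$patch" -ge 2 ]; then
        echo fixed
    elif [ "$minor" -eq 20 ] && [ "$patch" -ge 9 ]; then
        echo fixed
    else
        echo flagged
    fi
}

# Swap SAMPLE_OUTPUT for the real tool's version output on a build agent.
found=$(go_version_from_output "$SAMPLE_OUTPUT")
echo "go$found: $(cve_2023_39323_status "$found")"
```

A version the parser cannot read (empty, pre-release suffix, malformed) is reported as unknown rather than fixed, so a gate built on this fails closed.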