Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛Clioudflared 2025.1.0 vulnerable to CVE-2024-4741 #1398

Open
mikocot opened this issue Jan 23, 2025 · 0 comments
Open

🐛Clioudflared 2025.1.0 vulnerable to CVE-2024-4741 #1398

mikocot opened this issue Jan 23, 2025 · 0 comments
Labels
Priority: Normal Minor issue impacting one or more users Type: Bug Something isn't working

Comments

@mikocot
Copy link

mikocot commented Jan 23, 2025

Describe the bug
A clear and concise description of what the bug is.
Cloudflared 2025.1.0 does not pass container scans due to a CVE-2024-4741 vulnerability in its dependencies:

  • openssl version 1.1.1w-0+deb11u1
  • libssl1.1 version 1.1.1w-0+deb11u1

Both are fixed in the next version: 1.1.1w-0+deb11u2
Hence it would be good to do the upgrade.

More details on the CVE:
https://security-tracker.debian.org/tracker/CVE-2024-4741

To Reproduce
Steps to reproduce the behavior:
Scan the container with Twistlock or Wiz:

Expected behavior
Scan passes

Environment and versions

  • OS: linux
  • Architecture: amd64
  • Version: 2025.1.0

Logs and errors

Image

Image
@mikocot mikocot added Priority: Normal Minor issue impacting one or more users Type: Bug Something isn't working labels Jan 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Priority: Normal Minor issue impacting one or more users Type: Bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mikocot