Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-28 00:47:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 94
fleet/security/vex/fleetctl/CVE-2025-46569.vex.json
Lucas Manuel Rodriguez bfe3b186d3
Fix detected CVEs and docker scout exit code to fail the Github Action (#28836) 
For #28837.

Fixing this all of this because we got multiple reports from the
community and customers and these were also detected by Amazon
Inspector.

- Fixes CVE-2025-22871 by upgrading Go from 1.24.1 to 1.24.2.
- `docker scout` now fails the daily scheduled action if there are
CRITICAL,HIGH CVEs (we missed setting `exit-code: true`).
- Report CVE-2025-46569 as not affected by it because of our use of
OPA's go package.
- Report CVE-2024-8260 as not affected by it because Fleet doesn't run
on Windows.
- The `security/status.md` shows a lot of changes because we are now
sorting CVEs so that newest come first.

---

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- [ ] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.
2025-05-06 13:35:27 -03:00

26 lines
719 B
JSON
Raw Blame History

{
"@context": "https://openvex.dev/ns/v0.2.0",
"@id": "https://openvex.dev/docs/public/vex-44fea98cce6ba07bcbf47bb1a9fb2a7513d9867059bf4537b75931e1f93b0c44",
"author": "@lucasmrod",
"timestamp": "2025-05-06T07:47:31.187844-03:00",
"version": 1,
"statements": [
{
"vulnerability": {
"name": "CVE-2025-46569"
},
"timestamp": "2025-05-06T07:47:31.187848-03:00",
"products": [
{
"@id": "fleetctl"
},
{
"@id": "pkg:golang/github.com/open-policy-agent/opa"
}
],
"status": "not_affected",
"status_notes": "fleetctl does not use OPA.",
"justification": "vulnerable_code_not_in_execute_path"
}
]
}
Reference in a new issue View git blame Copy permalink