TKGI CVE 2023-38546

Article ID: 375952

Products

VMware Tanzu Kubernetes Grid Integrated (TKGi)

Issue/Introduction

Security scanning software reports that TKGi is affected by the vulnerability described in CVE-2023-38546.

Environment

 

- TKGi NSX-T/NCP components deployed
- libcurl present on the cluster located in /var/vcap/data/packages/pks-nsx-t-curl/###################################/lib/

 

Cause

curl incorrectly handled hostnames when using a SOCKS5 proxy. In environments where curl is configured to use a SOCKS5 proxy, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
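
The two conditions named above (a libcurl build under the package path, and curl pointed at a SOCKS5 proxy) can be checked on a node with the following added example, which is not VMware tooling or code from this article. The function names are hypothetical, and the version is read from the `libcurl/X.Y.Z` banner compiled into the shared object.

```shell
#!/bin/sh
# Added example: inventory libcurl builds and SOCKS5 proxy settings on a node.
# Function names are hypothetical; run on the host that the scanner flagged.

# Print "<path> <version>" for every libcurl shared object under directory $1.
# The version comes from the "libcurl/X.Y.Z" banner compiled into the library;
# "unknown" means no banner was found in that file.
libcurl_versions() (
  find "$1" -type f -name 'libcurl.so*' 2>/dev/null | sort | while IFS= read -r f; do
    ver=$(LC_ALL=C grep -a -o -E 'libcurl/[0-9]+\.[0-9]+\.[0-9]+' "$f" | head -n 1) || true
    ver=${ver#libcurl/}
    printf '%s %s\n' "$f" "${ver:-unknown}"
  done
)

# Print the name of each proxy environment variable curl reads whose value
# selects a SOCKS5 proxy. Only the current environment is inspected; proxies
# set on a command line or in a .curlrc file are out of scope here.
socks5_proxy_vars() (
  for name in ALL_PROXY all_proxy HTTPS_PROXY https_proxy http_proxy; do
    eval "val=\${$name:-}"
    case $val in
      socks5://*|socks5h://*) printf '%s\n' "$name" ;;
    esac
  done
)

# Package root from the article; the hashed subdirectory differs per deployment.
root=${1:-/var/vcap/data/packages/pks-nsx-t-curl}
if [ -d "$root" ]; then libcurl_versions "$root"; fi
socks5_proxy_vars
```

Empty output from `socks5_proxy_vars` means no SOCKS5 proxy is set in the environment of the shell that ran the check; services started with their own environment need to be inspected separately.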

Resolution

TKGi 1.18.5 and 1.19 contain the fixes for this issue.