[Security Advisory] CVE-2023-2253 in nfd-master and nfd-topology-updater

[sakshisharma84]

Hi guys,

We are using the latest version(v0.13.2) of node-feature-discovery and our sysdig scanner shows a vulnerability(CVE-2023-2253) in the following two binaries: nfd-master and nfd-topology-updater (screenshots attached for reference).

Are there any plans to roll out the fixes any time soon?

[marquiz]

It's in an indirect dependency brought in by kubernetes. I don't see any reason this particular vulnerability would be relevant to nfd. Moreover, it hasn't been fixed in kubernetes release branches so we cannot update it either.

If you're concerned please report against kubernetes.