Summary

Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 279.

Vulnerability Details

**CVEID:** CVE-2024-24790
**DESCRIPTION:** Golang Go has an unknown impact and attack vector, caused by an unspecified error in which various Is methods (IsPrivate, IsLoopback, etc.) in the net/netip package did not work as expected for IPv4-mapped IPv6 addresses.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292953 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:** CVE-2024-5321
**DESCRIPTION:** Kubernetes kubelet could allow a local authenticated attacker to bypass security restrictions, caused by incorrect permissions on Windows container logs. By sending a specially crafted request, an attacker could exploit this vulnerability to read and modify container logs.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298140 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)

**CVEID:** CVE-2019-1002100
**DESCRIPTION:** The Kubernetes API server is vulnerable to a denial of service. By sending specially crafted patch requests of type "json-patch", a remote authenticated attacker could exploit this vulnerability to consume an excessive amount of resources.
CVSS Base score: 6.5
CVSS Temporal Score: See: …