KEDA
Type: Security review
Client: The Linux Foundation
Date: 2022-12
Domain: Supply Chain
Effort: 6 wks
Section: Cloud-Native Reviews
Trail of Bits's security review of KEDA, commissioned by The Linux Foundation (Dec 2022), identified 8 issues: 1 high, 6 low, and 1 informational.
Findings · 8
- 1. Use of fmt.Sprintf to build host:port string (Informational)
- 2. MongoDB scaler does not encode username and password in connection string (Low)
- 3. Prometheus metrics server does not support TLS (Low)
- 4. Return value is dereferenced before error check (Low)
- 5. Unescaped components in PostgreSQL connection string (Low)
- 6. Redis scalers set InsecureSkipVerify when TLS is enabled (High)
- 7. Insufficient check against nil (Low)
- 8. Prometheus metrics server does not support authentication (Low)
Findings extracted from the published report PDF. See the full report below for details and remediation.