GHSA-pv22-fqcj-7xwh: Inspektor Gadget Security Policies Can be Bypassed

May 6, 2025

Security policies like allowed-gadgets, disallow-pulling, verify-image can be bypassed by a malicious client.

References

github.com/advisories/GHSA-pv22-fqcj-7xwh
github.com/inspektor-gadget/inspektor-gadget
github.com/inspektor-gadget/inspektor-gadget/commit/c51d419964f5b6f9344fcad4faba70e2e025212b
github.com/inspektor-gadget/inspektor-gadget/security/advisories/GHSA-pv22-fqcj-7xwh

Code Behaviors & Features

Detect and mitigate GHSA-pv22-fqcj-7xwh with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →