github.com/talos-systems/talos vulnerabilities
2 known vulnerabilities affecting github.com/talos-systems/talos.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 2
Vulnerabilities
CVE-2022-36103 | HIGH | ≥ 0, < 1.2.2 | 2022-09-16
CVE-2022-36103 [HIGH] CWE-732 Talos worker join token can be used to get elevated access level to the Talos API
### Impact
Talos worker nodes use a join token to get accepted into the Talos cluster. A misconfigured Kubernetes environment may allow workloads to access the join token of the worker node. A malicious workload could then use the join token to construct a Talos CSR (certificate signing request). Due to
ghsa, osv
CVE-2022-3028 | HIGH | CVSS 7.0 | ≥ 0, < 1.2.0 | 2022-09-16
[HIGH] CWE-362 Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM
### Impact
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-
ghsa, osv