Typos and wrong link (#5791)

knative · Dec 5, 2023 · 1f2e64b · 1f2e64b
1 parent 740d717
commit 1f2e64b
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/blog/docs/events/security-audit-2023.md b/blog/docs/events/security-audit-2023.md
@@ -14,7 +14,7 @@ Knative Extensions are optional plugins and extensions for different Knative use
 
 Ada Logics found 16 security issues of which all except for one have been fixed with upstream patches. Three of the found issues are in third-party dependencies to Knative. One of the issues found is scored with high severity due to its potential impact (ADA-KNATIVE-23-7). However, an attacker would need to compromise the Knative user’s supply-chain, which is highly unlikely to occur in a real-world scenario because few Knative users consume Knative in a way that would enable the attack. In addition, the attacker would need to time their attack to a high degree. The issue has been fixed.
 
-One CVE was assigned during the audit for a vulnerability that could allow an attacker with already escalated privileges to cause further damage in the cluster. The attacker needs to first establish a position in a Knative pod, and from there, they could exploit the vulnerability and cause denial of service of the Knative autoscaling, thereby denying any autoscaling of Knative. The issue was assigned CVE-2023-48713 of Moderate severity and has been fixed in v1.10.5, v1.12.0 and v1.11.3.
+One CVE was assigned during the audit for a vulnerability that could allow an attacker with already escalated privileges to cause further damage in the cluster. The attacker needs to first establish a position in a Knative pod, and from there, they could exploit the vulnerability and cause denial of service of the Knative autoscaling, thereby denying any autoscaling of Knative. The issue was assigned CVE-2023-48713 of Moderate severity and has been fixed in v1.12.0, v1.11.3 and v1.10.5.
 
 Prior to the audit, Knative had invested in building its own [provenance generator](https://github.com/knative/toolbox/tree/main/provenance-generator) which generates slsa-compliant provenance and adds it to releases. Users can verify the provenance using [the official SLSA guidelines](https://slsa.dev/spec/v1.0/verifying-artifacts) before consuming. The Knative maintainers found that Knative Serving was missing a few lines of Prow configuration which resulted in Knative Serving releases not having provenance. This was fixed [here](https://github.com/knative/infra/pull/288) which ensures that future releases of Knative Serving will include verifiable provenance.
 

diff --git a/blog/docs/index.md b/blog/docs/index.md
@@ -23,7 +23,7 @@ Follow this blog to keep up-to-date with Knative.
 ## Featured Posts
 
 ### Knative Completes Third-Party Security Audit
-A third-party audit by Ada Logics found a small number of issues, including [one CVE](https://github.com/knative/docs/pull/5788).
+A third-party audit by Ada Logics found a small number of issues, including [one CVE](https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547).
 
 [Read more :octicons-arrow-right-24:](events/security-audit-2023.md){ .md-button }