Vulnerabilities found in K8ssandra images #1444

Closed
sync-by-unito bot opened this issue Nov 8, 2024 · 5 comments

Comments


sync-by-unito bot commented Nov 8, 2024

The following security vulnerabilities in K8ssandra images were found during routine scans:

|Vulnerability|Image|Tag|
|----|----|----|
|PRISMA20230067|docker.io/k8ssandra/cass-management-api|3.11.17|
|GHSAxpw8rcwv-8f8p|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202447561|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202436114|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202430172|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202430171|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202426308|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202425710|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202339410|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202334462|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202333202|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202333201|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202329403|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202242004|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202242003|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202241881|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202241854|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202238752|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202238751|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202238750|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202238749|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202225857|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE20221471|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202147621|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202146877|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202129425|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202120293|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202120289|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202036518|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE20201729|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE20201695|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE202013956|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE201916869|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE20190205|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE20181320|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE201811798|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE201810237|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE20165397|docker.io/k8ssandra/cass-management-api|3.11.17|
|CVE20153254|docker.io/k8ssandra/cass-management-api|3.11.17|

|Vulnerability|Image|
|----|----|
|CVE202230630|docker.io/k8ssandra/cass-management-api:3.11.17|
|CVE202230632|docker.io/k8ssandra/cass-management-api:3.11.17|

|Vulnerability|Image|
|----|----|
|PRISMA20230067|docker.io/k8ssandra/cass-management-api:3.11.13|
|CVE202324329|docker.io/k8ssandra/cass-management-api:3.11.13|
|CVE202340217|docker.io/k8ssandra/cass-management-api:3.11.13|
|CVE20223857|docker.io/k8ssandra/cass-management-api:3.11.13|
|CVE202425710|docker.io/k8ssandra/cass-management-api:3.11.13|
|CVE202426308|docker.io/k8ssandra/cass-management-api:3.11.13|
|CVE202430171|docker.io/k8ssandra/cass-management-api:3.11.13|
|CVE202430172|docker.io/k8ssandra/cass-management-api:3.11.13|
|CVE202227943|docker.io/k8ssandra/medusa:0.22.0|

┆Issue is synchronized with this Jira Bug by Unito
┆Issue Number: K8OP-286

@adejanovski changed the title from "Vulnerabilities found in K8ssandra images by AXON.COM" to "Vulnerabilities found in K8ssandra images" Nov 8, 2024
@k8ssandra k8ssandra deleted a comment from sync-by-unito bot Nov 8, 2024
Author

sync-by-unito bot commented Nov 16, 2024

➤ Amanda Skuldt commented:

John Messavussu I added the vulnerability issue type to this project and converted this to a vulnerability. Normally this would be an epic and each CVE would be its own ticket, but however this will be fixed quickest is fine given the customer involvement.

Author

sync-by-unito bot commented Nov 16, 2024

➤ Amanda Skuldt commented:

Some of these are critical and need to be sorted ASAP: https://nvd.nist.gov/vuln/detail/cve-2024-47561

Author

sync-by-unito bot commented Nov 16, 2024

➤ John Messavussu commented:

cc: Alexander Dejanovski to prioritize and assign.

Author

sync-by-unito bot commented Nov 18, 2024

➤ Michael Burman commented:

We do not build new 3.11 images anymore (3.11 support is deprecated). The medusa image is old (4 months ago) and has been superseded by 3 different patch releases since then and version 0.22.3 is in the current k8ssandra-operator release.

Are these some old scans?

Contributor

burmanm commented Nov 21, 2024

Closing this as out of date.

@burmanm burmanm closed this as completed Nov 21, 2024