Security notes
In the Container Cloud patch release 2.23.5, 70 vendor-specific Common Vulnerabilities and Exposures (CVEs) have been addressed: 7 of critical and 63 of high severity.
The full list of the CVEs present in the current Container Cloud release is available at the Mirantis Security Portal.
Image | Component name | CVE |
---|---|---|
bm/baremetal-dnsmasq | curl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
 | libcurl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
 | libcap2 | CVE-2023-2603 (High) |
 | ncurses-libs | CVE-2023-29491 (High) |
 | ncurses-terminfo-base | CVE-2023-29491 (High) |
bm/baremetal-operator | openssh-client-common | CVE-2023-28531 (Critical) |
 | openssh-client-default | CVE-2023-28531 (Critical) |
 | openssh-keygen | CVE-2023-28531 (Critical) |
 | ncurses-libs | CVE-2023-29491 (High) |
 | ncurses-terminfo-base | CVE-2023-29491 (High) |
core/external/nginx | libwebp | CVE-2023-1999 (Critical) |
 | curl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
 | libcurl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
core/frontend | libwebp | CVE-2023-1999 (Critical) |
 | curl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
 | libcurl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
openstack/ironic | sqlparse | CVE-2023-30608 (High) |
openstack/ironic-inspector | Flask | CVE-2023-30861 (High) |
 | sqlparse | CVE-2023-30608 (High) |
stacklight/alerta-web | libcurl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
 | libpq | CVE-2023-2454 (High) |
 | postgresql15-client | CVE-2023-2454 (High) |
 | Flask | CVE-2023-30861 (High) |
 | ncurses-libs | CVE-2023-29491 (High) |
 | ncurses-terminfo-base | CVE-2023-29491 (High) |
stacklight/alertmanager-webhook-servicenow | ncurses-libs | CVE-2023-29491 (High) |
 | ncurses-terminfo-base | CVE-2023-29491 (High) |
stacklight/alpine-utils | curl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
 | libcurl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
stacklight/opensearch | org.apache.santuario:xmlsec | CVE-2022-47966 (Critical), CVE-2022-21476 (High) |
 | org.slf4j:slf4j-api | CVE-2018-8088 (Critical) |
 | glib2 | CVE-2018-16428 (High), CVE-2018-16429 (High) |
stacklight/opensearch-dashboards | glib2 | CVE-2018-16428 (High), CVE-2018-16429 (High) |
stacklight/pgbouncer | libpq | CVE-2023-2454 (High) |
 | postgresql-client | CVE-2023-2454 (High) |
stacklight/prometheus-libvirt-exporter | libcurl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
stacklight/prometheus-patroni-exporter | ncurses-libs | CVE-2023-29491 (High) |
 | ncurses-terminfo-base | CVE-2023-29491 (High) |
stacklight/sf-notifier | flask | CVE-2023-30861 (High) |
stacklight/stacklight-toolkit | curl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
 | libcurl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
stacklight/telegraf | github.com/docker/docker | CVE-2023-28840 (High), CVE-2023-28840 (High) |