Security notes

In total, since Container Cloud 2.23.0 major release, in 2.24.0, 2130 Common Vulnerabilities and Exposures (CVE) have been fixed: 98 of critical and 2032 of high severity.

Among them, 984 CVEs that are listed in Addressed CVEs - detailed Addressed CVEs - detailed have been fixed since the 2.23.5 patch release: 62 of critical and 922 of high severity. The remaining CVEs were addressed since Container Cloud 2.23.0 and the fixes released with the patch releases of the 2.23.x series.

The summary table contains the total number of unique CVEs along with the total number of issues fixed across the images.

The full list of the CVEs present in the current Container Cloud release is available at the Mirantis Security Portal.

Addressed CVEs - summary

Severity

Critical

High

Total

Unique CVEs

18

88

106

Total issues across images

62

922

984

Addressed CVEs - detailed

Image

Component name

CVE

bm/baremetal-dnsmasq

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

bm/baremetal-operator

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

cryptography

CVE-2023-2650 (High)

bm/bm-collective

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

bm/kaas-ipam

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

bm/syslog-ng

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

ceph/mcp/ceph-controller

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

ceph/rook

openssl

CVE-2022-3786 (High)

CVE-2023-0286 (High)

CVE-2022-3602 (High)

openssl-libs

CVE-2022-3602 (High)

CVE-2022-3786 (High)

CVE-2023-0286 (High)

cryptography

CVE-2023-2650 (High)

core/admission-controller

helm.sh/helm/v3

CVE-2021-32690 (High)

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/agent-controller

helm.sh/helm/v3

CVE-2021-32690 (High)

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/aws-cluster-api-controller

helm.sh/helm/v3

CVE-2021-32690 (High)

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/aws-credentials-controller

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/azure-cluster-api-controller

helm.sh/helm/v3

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

CVE-2021-32690 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/azure-credentials-controller

helm.sh/helm/v3

CVE-2021-32690 (High)

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/bootstrap-controller

helm.sh/helm/v3

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

CVE-2021-32690 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/byo-cluster-api-controller

helm.sh/helm/v3

CVE-2021-32690 (High)

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/byo-credentials-controller

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/ceph-kcc-controller

helm.sh/helm/v3

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

CVE-2021-32690 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/cluster-api-provider-baremetal

helm.sh/helm/v3

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

CVE-2021-32690 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/configuration-collector

helm.sh/helm/v3

CVE-2021-32690 (High)

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/equinix-cluster-api-controller

helm.sh/helm/v3

CVE-2021-32690 (High)

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/equinix-credentials-controller

helm.sh/helm/v3

CVE-2021-32690 (High)

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/event-controller

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/external/nginx

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

libx11

CVE-2023-3138 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

core/frontend

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

libx11

CVE-2023-3138 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

core/iam-controller

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/kaas-exporter

helm.sh/helm/v3

CVE-2021-32690 (High)

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/kproxy

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/lcm-controller

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/license-controller

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/machinepool-controller

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/openstack-cluster-api-controller

helm.sh/helm/v3

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

CVE-2021-32690 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/os-credentials-controller

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/portforward-controller

helm.sh/helm/v3

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

CVE-2021-32690 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/proxy-controller

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/rbac-controller

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/release-controller

helm.sh/helm/v3

CVE-2021-32690 (High)

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/rhellicense-controller

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/scope-controller

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/user-controller

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/vsphere-cluster-api-controller

helm.sh/helm/v3

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

CVE-2021-32690 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/vsphere-credentials-controller

helm.sh/helm/v3

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

CVE-2021-32690 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

core/vsphere-vm-template-controller

helm.sh/helm/v3

CVE-2021-32690 (High)

CVE-2022-23525 (High)

CVE-2022-23526 (High)

CVE-2022-23524 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

iam/keycloak

io.vertx:vertx-core

CVE-2021-4125 (High)

CVE-2021-44228 (Critical)

CVE-2021-44530 (Critical)

CVE-2021-45046 (Critical)

org.apache.cxf:cxf-core

CVE-2022-46364 (Critical)

CVE-2022-46363 (High)

org.apache.cxf:cxf-rt-transports-http

CVE-2022-46363 (High)

CVE-2022-46364 (Critical)

org.apache.santuario:xmlsec

CVE-2022-21476 (High)

CVE-2022-47966 (Critical)

org.apache.kafka:kafka-clients

CVE-2023-25194 (High)

CVE-2021-46877 (High)

CVE-2020-36518 (High)

com.fasterxml.jackson.core:jackson-databind

CVE-2023-35116 (High)

CVE-2022-42003 (High)

CVE-2022-42004 (High)

CVE-2023-35116 (High)

CVE-2022-42003 (High)

CVE-2022-42004 (High)

CVE-2023-35116 (High)

CVE-2022-42003 (High)

CVE-2022-42004 (High)

com.google.protobuf:protobuf-java

CVE-2022-3509 (High)

CVE-2022-3510 (High)

com.google.protobuf:protobuf-java-util

CVE-2022-3509 (High)

CVE-2022-3510 (High)

org.yaml:snakeyaml

CVE-2022-25857 (High)

java-11-openjdk-headless

CVE-2023-21930 (High)

platform-python

CVE-2023-24329 (High)

python3-libs

CVE-2023-24329 (High)

lcm/docker/ucp

curl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-23914 (Critical)

CVE-2023-28319 (High)

libcurl

CVE-2023-28319 (High)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-23914 (Critical)

github.com/crewjam/saml

CVE-2022-41912 (Critical)

CVE-2023-28119 (High)

libcrypto1.1

CVE-2023-0464 (High)

CVE-2023-2650 (High)

libssl1.1

CVE-2023-0464 (High)

CVE-2023-2650 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

github.com/opencontainers/runc

CVE-2023-28642 (High)

github.com/docker/cli

CVE-2021-41092 (High)

golang.org/x/net

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

lcm/docker/ucp-agent

curl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

CVE-2023-23914 (Critical)

libcurl

CVE-2023-23914 (Critical)

CVE-2023-28319 (High)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

github.com/crewjam/saml

CVE-2022-41912 (Critical)

CVE-2023-28119 (High)

libcrypto1.1

CVE-2023-2650 (High)

CVE-2023-0464 (High)

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

libssl1.1

CVE-2023-0464 (High)

CVE-2023-2650 (High)

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

github.com/opencontainers/runc

CVE-2023-28642 (High)

github.com/docker/cli

CVE-2021-41092 (High)

golang.org/x/net

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

lcm/docker/ucp-auth

curl

CVE-2023-23914 (Critical)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

libcurl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

CVE-2023-23914 (Critical)

github.com/crewjam/saml

CVE-2022-41912 (Critical)

CVE-2023-28119 (High)

libcrypto1.1

CVE-2023-0464 (High)

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-2650 (High)

libssl1.1

CVE-2023-2650 (High)

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-0464 (High)

golang.org/x/net

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

lcm/docker/ucp-auth-store

github.com/crewjam/saml

CVE-2023-28119 (High)

CVE-2022-41912 (Critical)

curl

CVE-2023-28319 (High)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

libcurl

CVE-2023-28319 (High)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

libcrypto1.1

CVE-2023-2650 (High)

CVE-2023-0464 (High)

libssl1.1

CVE-2023-0464 (High)

CVE-2023-2650 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

golang.org/x/net

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

lcm/docker/ucp-azure-ip-allocator

curl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

libcurl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

libcrypto1.1

CVE-2023-2650 (High)

CVE-2023-0464 (High)

libssl1.1

CVE-2023-2650 (High)

CVE-2023-0464 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

lcm/docker/ucp-calico-cni

github.com/emicklei/go-restful

CVE-2022-1996 (Critical)

golang.org/x/crypto

CVE-2022-27191 (High)

CVE-2020-29652 (High)

CVE-2021-43565 (High)

golang.org/x/text

CVE-2022-32149 (High)

CVE-2020-14040 (High)

CVE-2021-38561 (High)

CVE-2022-32149 (High)

golang.org/x/net

CVE-2022-27664 (High)

CVE-2021-33194 (High)

CVE-2022-27664 (High)

github.com/containernetworking/cni

CVE-2021-20206 (High)

github.com/gogo/protobuf

CVE-2021-3121 (High)

lcm/docker/ucp-calico-kube-controllers

github.com/emicklei/go-restful

CVE-2022-1996 (Critical)

golang.org/x/net

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

lcm/docker/ucp-calico-node

github.com/emicklei/go-restful

CVE-2022-1996 (Critical)

openssl-libs

CVE-2023-0286 (High)

golang.org/x/net

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

lcm/docker/ucp-cfssl

curl

CVE-2023-28319 (High)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-23914 (Critical)

libcurl

CVE-2023-23914 (Critical)

CVE-2023-28319 (High)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

libcrypto1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-0464 (High)

CVE-2023-2650 (High)

libssl1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-0464 (High)

CVE-2023-2650 (High)

golang.org/x/net

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

lcm/docker/ucp-compose

github.com/emicklei/go-restful

CVE-2022-1996 (Critical)

golang.org/x/crypto

CVE-2021-43565 (High)

CVE-2022-27191 (High)

CVE-2021-43565 (High)

CVE-2022-27191 (High)

golang.org/x/net

CVE-2021-33194 (High)

CVE-2022-27664 (High)

CVE-2021-33194 (High)

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

CVE-2021-38561 (High)

CVE-2022-32149 (High)

CVE-2021-38561 (High)

CVE-2022-32149 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

github.com/prometheus/client_golang

CVE-2022-21698 (High)

lcm/docker/ucp-containerd-shim-process

golang.org/x/net

CVE-2021-33194 (High)

CVE-2022-27664 (High)

CVE-2021-33194 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

lcm/docker/ucp-controller

curl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

CVE-2023-23914 (Critical)

libcurl

CVE-2023-23914 (Critical)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

github.com/crewjam/saml

CVE-2022-41912 (Critical)

CVE-2023-28119 (High)

libcrypto1.1

CVE-2023-2650 (High)

CVE-2023-0464 (High)

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

libssl1.1

CVE-2023-2650 (High)

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-0464 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

github.com/opencontainers/runc

CVE-2023-28642 (High)

github.com/docker/cli

CVE-2021-41092 (High)

golang.org/x/net

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

lcm/docker/ucp-coredns

golang.org/x/net

CVE-2022-27664 (High)

CVE-2022-41721 (High)

golang.org/x/text

CVE-2022-32149 (High)

lcm/docker/ucp-dsinfo

github.com/emicklei/go-restful

CVE-2022-1996 (Critical)

golang.org/x/crypto

CVE-2021-43565 (High)

CVE-2022-27191 (High)

CVE-2021-43565 (High)

golang.org/x/net

CVE-2022-27664 (High)

CVE-2021-33194 (High)

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

CVE-2021-38561 (High)

CVE-2022-32149 (High)

CVE-2021-38561 (High)

CVE-2022-32149 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

github.com/prometheus/client_golang

CVE-2022-21698 (High)

lcm/docker/ucp-etcd

curl

CVE-2023-28319 (High)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-23914 (Critical)

libcurl

CVE-2023-28319 (High)

CVE-2023-23914 (Critical)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

libcrypto1.1

CVE-2023-2650 (High)

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-0464 (High)

libssl1.1

CVE-2023-0464 (High)

CVE-2023-2650 (High)

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

golang.org/x/text

CVE-2022-32149 (High)

CVE-2021-38561 (High)

CVE-2022-32149 (High)

CVE-2021-38561 (High)

CVE-2022-32149 (High)

golang.org/x/net

CVE-2022-27664 (High)

lcm/docker/ucp-hardware-info

curl

CVE-2023-28319 (High)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-23914 (Critical)

libcurl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-23914 (Critical)

CVE-2023-28319 (High)

libcrypto1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-2650 (High)

CVE-2023-0464 (High)

libssl1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-2650 (High)

CVE-2023-0464 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

github.com/docker/docker

CVE-2023-28840 (High)

golang.org/x/net

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

lcm/docker/ucp-interlock

curl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

CVE-2023-23914 (Critical)

libcurl

CVE-2023-28319 (High)

CVE-2023-23914 (Critical)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

libcrypto1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-2650 (High)

CVE-2023-0464 (High)

libssl1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-2650 (High)

CVE-2023-0464 (High)

golang.org/x/net

CVE-2022-41721 (High)

CVE-2022-27664 (High)

github.com/containerd/containerd

CVE-2023-25173 (High)

golang.org/x/text

CVE-2022-32149 (High)

lcm/docker/ucp-interlock-config

curl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

libcurl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

libcrypto1.1

CVE-2023-2650 (High)

CVE-2023-0464 (High)

libssl1.1

CVE-2023-2650 (High)

CVE-2023-0464 (High)

libwebp

CVE-2023-1999 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

lcm/docker/ucp-interlock-extension

curl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

CVE-2023-23914 (Critical)

libcurl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-23914 (Critical)

CVE-2023-28319 (High)

libcrypto1.1

CVE-2023-2650 (High)

CVE-2023-0464 (High)

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

libssl1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-0464 (High)

CVE-2023-2650 (High)

golang.org/x/net

CVE-2022-41721 (High)

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

lcm/docker/ucp-interlock-proxy

curl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

libcurl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

libcrypto1.1

CVE-2023-2650 (High)

CVE-2023-0464 (High)

libssl1.1

CVE-2023-0464 (High)

CVE-2023-2650 (High)

libwebp

CVE-2023-1999 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

lcm/docker/ucp-kube-ingress-controller

curl

CVE-2022-43551 (High)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-23914 (Critical)

CVE-2022-32221 (Critical)

CVE-2022-42915 (High)

CVE-2022-42916 (High)

CVE-2023-28319 (High)

libcurl

CVE-2022-32221 (Critical)

CVE-2022-42915 (High)

CVE-2022-42916 (High)

CVE-2023-23914 (Critical)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

CVE-2022-43551 (High)

libcrypto1.1

CVE-2023-0464 (High)

CVE-2023-2650 (High)

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

libssl1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-0464 (High)

CVE-2023-2650 (High)

openssl

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-2650 (High)

CVE-2023-0464 (High)

golang.org/x/net

CVE-2022-41721 (High)

CVE-2022-27664 (High)

libxml2

CVE-2022-40303 (High)

CVE-2022-40304 (High)

github.com/opencontainers/runc

CVE-2023-28642 (High)

golang.org/x/text

CVE-2022-32149 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

lcm/docker/ucp-metrics

curl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

libcurl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

libcrypto1.1

CVE-2023-0464 (High)

CVE-2023-2650 (High)

libssl1.1

CVE-2023-2650 (High)

CVE-2023-0464 (High)

github.com/docker/docker

CVE-2023-28840 (High)

golang.org/x/net

CVE-2022-41723 (High)

lcm/docker/ucp-node-feature-discovery

libssl3

CVE-2023-0286 (High)

openssl

CVE-2023-0286 (High)

github.com/prometheus/client_golang

CVE-2022-21698 (High)

golang.org/x/net

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

gopkg.in/yaml.v3

CVE-2022-28948 (High)

lcm/docker/ucp-nvidia-device-plugin

golang.org/x/net

CVE-2022-27664 (High)

CVE-2021-33194 (High)

golang.org/x/text

CVE-2022-32149 (High)

CVE-2021-38561 (High)

libssl3

CVE-2023-0286 (High)

openssl

CVE-2023-0286 (High)

github.com/prometheus/client_golang

CVE-2022-21698 (High)

lcm/docker/ucp-nvidia-gpu-feature-discovery

golang.org/x/net

CVE-2022-41721 (High)

CVE-2022-27664 (High)

libssl3

CVE-2023-0286 (High)

openssl

CVE-2023-0286 (High)

golang.org/x/text

CVE-2022-32149 (High)

lcm/docker/ucp-secureoverlay-agent

curl

CVE-2023-28319 (High)

CVE-2023-23914 (Critical)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

libcurl

CVE-2023-28319 (High)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-23914 (Critical)

libcrypto1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-0464 (High)

CVE-2023-2650 (High)

libssl1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-0464 (High)

CVE-2023-2650 (High)

golang.org/x/net

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

lcm/docker/ucp-secureoverlay-mgr

curl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-23914 (Critical)

CVE-2023-28319 (High)

libcurl

CVE-2023-23914 (Critical)

CVE-2023-28319 (High)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

libcrypto1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-0464 (High)

CVE-2023-2650 (High)

libssl1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-0464 (High)

CVE-2023-2650 (High)

golang.org/x/net

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

lcm/docker/ucp-sf-notifier

Werkzeug

CVE-2022-29361 (Critical)

CVE-2023-25577 (High)

libcrypto1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-0464 (High)

CVE-2023-2650 (High)

libssl1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-2650 (High)

CVE-2023-0464 (High)

openssl-dev

CVE-2023-0464 (High)

CVE-2023-2650 (High)

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

cryptography

CVE-2023-2650 (High)

Flask

CVE-2023-30861 (High)

krb5-libs

CVE-2022-42898 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

wheel

CVE-2022-40898 (High)

lcm/docker/ucp-swarm

curl

CVE-2023-23914 (Critical)

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

libcurl

CVE-2023-27533 (High)

CVE-2023-27534 (High)

CVE-2023-27536 (High)

CVE-2023-28319 (High)

CVE-2023-23914 (Critical)

libcrypto1.1

CVE-2023-0464 (High)

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-2650 (High)

libssl1.1

CVE-2023-0464 (High)

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-2650 (High)

github.com/hashicorp/consul

CVE-2022-29153 (High)

CVE-2022-38149 (High)

CVE-2020-7219 (High)

CVE-2021-37219 (High)

golang.org/x/crypto

CVE-2022-27191 (High)

CVE-2020-29652 (High)

CVE-2021-43565 (High)

golang.org/x/net

CVE-2021-33194 (High)

CVE-2022-27664 (High)

github.com/docker/docker

CVE-2023-28840 (High)

github.com/docker/distribution

CVE-2017-11468 (High)

lcm/external/aws-cloud-controller-manager

github.com/emicklei/go-restful

CVE-2022-1996 (Critical)

golang.org/x/crypto

CVE-2021-43565 (High)

CVE-2022-27191 (High)

github.com/prometheus/client_golang

CVE-2022-21698 (High)

golang.org/x/net

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

gopkg.in/yaml.v3

CVE-2022-28948 (High)

lcm/external/aws-ebs-csi-driver

ncurses-libs

CVE-2023-29491 (High)

systemd-libs

CVE-2023-26604 (High)

golang.org/x/net

CVE-2022-41721 (High)

golang.org/x/text

CVE-2022-32149 (High)

lcm/external/csi-attacher

golang.org/x/crypto

CVE-2021-43565 (High)

CVE-2022-27191 (High)

CVE-2020-29652 (High)

CVE-2021-43565 (High)

CVE-2022-27191 (High)

CVE-2020-29652 (High)

CVE-2021-43565 (High)

CVE-2022-27191 (High)

CVE-2020-29652 (High)

golang.org/x/net

CVE-2021-33194 (High)

golang.org/x/text

CVE-2021-38561 (High)

github.com/gogo/protobuf

CVE-2021-3121 (High)

github.com/emicklei/go-restful

CVE-2022-1996 (Critical)

lcm/external/csi-provisioner

github.com/emicklei/go-restful

CVE-2022-1996 (Critical)

lcm/external/csi-resizer

github.com/emicklei/go-restful

CVE-2022-1996 (Critical)

lcm/helm/tiller

libcrypto1.1

CVE-2021-23840 (High)

CVE-2020-1967 (High)

CVE-2021-3450 (High)

CVE-2021-3711 (Critical)

CVE-2021-3712 (High)

libssl1.1

CVE-2020-1967 (High)

CVE-2021-3450 (High)

CVE-2021-3711 (Critical)

CVE-2021-3712 (High)

CVE-2021-23840 (High)

apk-tools

CVE-2021-36159 (Critical)

CVE-2021-30139 (High)

zlib

CVE-2022-37434 (Critical)

busybox

CVE-2021-42378 (High)

CVE-2021-42379 (High)

CVE-2021-42380 (High)

CVE-2021-42381 (High)

CVE-2021-42382 (High)

CVE-2021-42383 (High)

CVE-2021-42384 (High)

CVE-2021-42385 (High)

CVE-2021-42386 (High)

CVE-2021-28831 (High)

ssl_client

CVE-2021-28831 (High)

CVE-2021-42378 (High)

CVE-2021-42379 (High)

CVE-2021-42380 (High)

CVE-2021-42381 (High)

CVE-2021-42382 (High)

CVE-2021-42383 (High)

CVE-2021-42384 (High)

CVE-2021-42385 (High)

CVE-2021-42386 (High)

lcm/kubernetes/cinder-csi-plugin-amd64

libtasn1-6

CVE-2021-46848 (Critical)

github.com/emicklei/go-restful

CVE-2022-1996 (Critical)

libssl1.1

CVE-2023-0286 (High)

CVE-2022-4450 (High)

CVE-2023-0215 (High)

openssl

CVE-2023-0286 (High)

CVE-2022-4450 (High)

CVE-2023-0215 (High)

libsystemd0

CVE-2023-26604 (High)

libudev1

CVE-2023-26604 (High)

udev

CVE-2023-26604 (High)

libgnutls30

CVE-2023-0361 (High)

golang.org/x/net

CVE-2022-27664 (High)

golang.org/x/text

CVE-2022-32149 (High)

gopkg.in/yaml.v3

CVE-2022-28948 (High)

lcm/kubernetes/openstack-cloud-controller-manager-amd64

github.com/emicklei/go-restful

CVE-2022-1996 (Critical)

zlib

CVE-2022-37434 (Critical)

golang.org/x/crypto

CVE-2022-27191 (High)

CVE-2021-43565 (High)

golang.org/x/text

CVE-2021-38561 (High)

CVE-2022-32149 (High)

github.com/prometheus/client_golang

CVE-2022-21698 (High)

golang.org/x/net

CVE-2022-27664 (High)

gopkg.in/yaml.v3

CVE-2022-28948 (High)

k8s.io/kubernetes

CVE-2021-25741 (High)

lcm/mcc-haproxy

pcre2

CVE-2022-1586 (Critical)

CVE-2022-1587 (Critical)

zlib

CVE-2022-37434 (Critical)

libcrypto1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-2650 (High)

CVE-2023-0464 (High)

libssl1.1

CVE-2022-4450 (High)

CVE-2023-0215 (High)

CVE-2023-0286 (High)

CVE-2023-2650 (High)

CVE-2023-0464 (High)

busybox

CVE-2022-30065 (High)

ssl_client

CVE-2022-30065 (High)

lcm/registry

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

mirantis/ceph

openssl

CVE-2022-3786 (High)

CVE-2023-0286 (High)

CVE-2022-3602 (High)

openssl-libs

CVE-2022-3602 (High)

CVE-2022-3786 (High)

CVE-2023-0286 (High)

python3

CVE-2023-24329 (High)

python3-devel

CVE-2023-24329 (High)

python3-libs

CVE-2023-24329 (High)

mirantis/cephcsi

openssl

CVE-2022-3786 (High)

CVE-2023-0286 (High)

CVE-2022-3602 (High)

openssl-libs

CVE-2022-3602 (High)

CVE-2022-3786 (High)

CVE-2023-0286 (High)

cryptography

CVE-2023-2650 (High)

mirantis/fio

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

stacklight/alerta-web

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

stacklight/alertmanager-webhook-servicenow

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

openssl-dev

CVE-2023-2650 (High)

Flask

CVE-2023-30861 (High)

stacklight/alpine-utils

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

stacklight/blackbox-exporter

golang.org/x/net

CVE-2022-41723 (High)

stacklight/cadvisor

libcrypto1.1

CVE-2023-2650 (High)

libssl1.1

CVE-2023-2650 (High)

stacklight/cerebro

org.xerial:sqlite-jdbc

CVE-2023-32697 (Critical)

com.fasterxml.jackson.core:jackson-databind

CVE-2023-35116 (High)

CVE-2022-42003 (High)

CVE-2022-42004 (High)

CVE-2020-36518 (High)

CVE-2021-46877 (High)

libssl1.1

CVE-2023-2650 (High)

CVE-2023-0464 (High)

openssl

CVE-2023-2650 (High)

CVE-2023-0464 (High)

stacklight/ironic-prometheus-exporter

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

stacklight/k8s-sidecar

libcrypto1.1

CVE-2023-2650 (High)

libssl1.1

CVE-2023-2650 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

stacklight/kubectl

libssl1.1

CVE-2023-2650 (High)

CVE-2023-0464 (High)

openssl

CVE-2023-2650 (High)

CVE-2023-0464 (High)

stacklight/metric-collector

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

stacklight/node-exporter

golang.org/x/net

CVE-2022-41723 (High)

stacklight/opensearch

org.codelibs.elasticsearch.module:ingest-common

CVE-2019-7611 (High)

CVE-2015-5377 (Critical)

org.springframework:spring-core

CVE-2023-20860 (High)

stacklight/opensearch-dashboards

decode-uri-component

CVE-2022-38900 (High)

glob-parent

CVE-2021-35065 (High)

stacklight/prometheus

github.com/docker/docker

CVE-2023-28840 (High)

golang.org/x/net

CVE-2022-41723 (High)

stacklight/prometheus-es-exporter

libcrypto1.1

CVE-2023-2650 (High)

libssl1.1

CVE-2023-2650 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

stacklight/prometheus-libvirt-exporter

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

stacklight/prometheus-patroni-exporter

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

stacklight/prometheus-relay

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

stacklight/sf-notifier

libcrypto1.1

CVE-2023-2650 (High)

libssl1.1

CVE-2023-2650 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

openssl-dev

CVE-2023-2650 (High)

stacklight/sf-reporter

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

stacklight/stacklight-toolkit

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

ncurses-libs

CVE-2023-29491 (High)

ncurses-terminfo-base

CVE-2023-29491 (High)

stacklight/telegraf

libssl1.1

CVE-2023-2650 (High)

CVE-2023-0464 (High)

CVE-2023-2650 (High)

CVE-2023-0464 (High)

openssl

CVE-2023-2650 (High)

CVE-2023-0464 (High)

CVE-2023-2650 (High)

CVE-2023-0464 (High)

stacklight/telemeter

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

stacklight/tungstenfabric-prometheus-exporter

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)

stacklight/yq

libcrypto3

CVE-2023-2650 (High)

libssl3

CVE-2023-2650 (High)