Security notes¶
In total, since Container Cloud 2.24.1, in 2.24.3, 63 Common Vulnerabilities and Exposures (CVE) with high severity have been fixed.
The summary table contains the total number of unique CVEs along with the total number of issues fixed across the images.
The full list of the CVEs present in the current Container Cloud release is available at the Mirantis Security Portal.
Severity |
Critical |
High |
Total |
|---|---|---|---|
Unique CVEs |
0 |
15 |
15 |
Total issues across images |
0 |
63 |
63 |
Image |
Component name |
CVE |
|---|---|---|
bm/external/metallb/controller |
libcrypto3 |
CVE-2023-0464 (High) |
CVE-2023-2650 (High) |
||
libssl3 |
CVE-2023-2650 (High) |
|
CVE-2023-0464 (High) |
||
golang.org/x/net |
CVE-2022-41723 (High) |
|
bm/external/metallb/speaker |
libcrypto3 |
CVE-2023-2650 (High) |
CVE-2023-0464 (High) |
||
libssl3 |
CVE-2023-0464 (High) |
|
CVE-2023-2650 (High) |
||
golang.org/x/net |
CVE-2022-41723 (High) |
|
core/external/cert-manager-cainjector |
golang.org/x/net |
CVE-2022-41723 (High) |
core/external/cert-manager-controller |
golang.org/x/net |
CVE-2022-41723 (High) |
core/external/cert-manager-webhook |
golang.org/x/net |
CVE-2022-41723 (High) |
core/external/nginx |
nghttp2-libs |
CVE-2023-35945 (High) |
core/frontend |
nghttp2-libs |
CVE-2023-35945 (High) |
lcm/external/csi-attacher |
github.com/prometheus/client_golang |
CVE-2022-21698 (High) |
golang.org/x/net |
CVE-2022-27664 (High) |
|
golang.org/x/text |
CVE-2022-32149 (High) |
|
gopkg.in/yaml.v3 |
CVE-2022-28948 (High) |
|
lcm/external/csi-node-driver-registrar |
github.com/prometheus/client_golang |
CVE-2022-21698 (High) |
golang.org/x/net |
CVE-2022-27664 (High) |
|
golang.org/x/text |
CVE-2022-32149 (High) |
|
lcm/external/csi-provisioner |
golang.org/x/crypto |
CVE-2021-43565 (High) |
CVE-2022-27191 (High) |
||
github.com/prometheus/client_golang |
CVE-2022-21698 (High) |
|
golang.org/x/net |
CVE-2022-27664 (High) |
|
golang.org/x/text |
CVE-2022-32149 (High) |
|
gopkg.in/yaml.v3 |
CVE-2022-28948 (High) |
|
lcm/external/csi-resizer |
github.com/prometheus/client_golang |
CVE-2022-21698 (High) |
golang.org/x/net |
CVE-2022-27664 (High) |
|
golang.org/x/text |
CVE-2022-32149 (High) |
|
gopkg.in/yaml.v3 |
CVE-2022-28948 (High) |
|
lcm/external/csi-snapshotter |
github.com/prometheus/client_golang |
CVE-2022-21698 (High) |
golang.org/x/net |
CVE-2022-27664 (High) |
|
golang.org/x/text |
CVE-2022-32149 (High) |
|
gopkg.in/yaml.v3 |
CVE-2022-28948 (High) |
|
lcm/external/livenessprobe |
golang.org/x/text |
CVE-2021-38561 (High) |
CVE-2022-32149 (High) |
||
github.com/prometheus/client_golang |
CVE-2022-21698 (High) |
|
golang.org/x/net |
CVE-2022-27664 (High) |
|
lcm/kubernetes/cinder-csi-plugin-amd64 |
libpython3.7-minimal |
CVE-2021-3737 (High) |
CVE-2020-10735 (High) |
||
CVE-2022-45061 (High) |
||
CVE-2015-20107 (High) |
||
libpython3.7-stdlib |
CVE-2021-3737 (High) |
|
CVE-2020-10735 (High) |
||
CVE-2022-45061 (High) |
||
CVE-2015-20107 (High) |
||
python3.7 |
CVE-2021-3737 (High) |
|
CVE-2020-10735 (High) |
||
CVE-2022-45061 (High) |
||
CVE-2015-20107 (High) |
||
python3.7-minimal |
CVE-2021-3737 (High) |
|
CVE-2020-10735 (High) |
||
CVE-2022-45061 (High) |
||
CVE-2015-20107 (High) |
||
libssl1.1 |
CVE-2023-2650 (High) |
|
CVE-2023-0464 (High) |
||
openssl |
CVE-2023-2650 (High) |
|
CVE-2023-0464 (High) |
||
lcm/mcc-haproxy |
nghttp2-libs |
CVE-2023-35945 (High) |
openstack/ironic |
cryptography |
CVE-2023-2650 (High) |
openstack/ironic-inspector |
cryptography |
CVE-2023-2650 (High) |