Newer documentation is now live. You are currently reading an older version.

Security notes

In the Container Cloud patch release 2.23.5, 70 vendor-specific Common Vulnerabilities and Exposures (CVE) have been addressed: 7 of critical and 63 of high severity.

The full list of the CVEs present in the current Container Cloud release is available at the Mirantis Security Portal.

Addressed CVEs

| Image | Component name | CVE |
|---|---|---|
| bm/baremetal-dnsmasq | curl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
| bm/baremetal-dnsmasq | libcurl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
| bm/baremetal-dnsmasq | libcap2 | CVE-2023-2603 (High) |
| bm/baremetal-dnsmasq | ncurses-libs | CVE-2023-29491 (High) |
| bm/baremetal-dnsmasq | ncurses-terminfo-base | CVE-2023-29491 (High) |
| bm/baremetal-operator | openssh-client-common | CVE-2023-28531 (Critical) |
| bm/baremetal-operator | openssh-client-default | CVE-2023-28531 (Critical) |
| bm/baremetal-operator | openssh-keygen | CVE-2023-28531 (Critical) |
| bm/baremetal-operator | ncurses-libs | CVE-2023-29491 (High) |
| bm/baremetal-operator | ncurses-terminfo-base | CVE-2023-29491 (High) |
| core/external/nginx | libwebp | CVE-2023-1999 (Critical) |
| core/external/nginx | curl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
| core/external/nginx | libcurl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
| core/frontend | libwebp | CVE-2023-1999 (Critical) |
| core/frontend | curl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
| core/frontend | libcurl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
| openstack/ironic | sqlparse | CVE-2023-30608 (High) |
| openstack/ironic-inspector | Flask | CVE-2023-30861 (High) |
| openstack/ironic-inspector | sqlparse | CVE-2023-30608 (High) |
| stacklight/alerta-web | libcurl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
| stacklight/alerta-web | libpq | CVE-2023-2454 (High) |
| stacklight/alerta-web | postgresql15-client | CVE-2023-2454 (High) |
| stacklight/alerta-web | Flask | CVE-2023-30861 (High) |
| stacklight/alerta-web | ncurses-libs | CVE-2023-29491 (High) |
| stacklight/alerta-web | ncurses-terminfo-base | CVE-2023-29491 (High) |
| stacklight/alertmanager-webhook-servicenow | ncurses-libs | CVE-2023-29491 (High) |
| stacklight/alertmanager-webhook-servicenow | ncurses-terminfo-base | CVE-2023-29491 (High) |
| stacklight/alpine-utils | curl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
| stacklight/alpine-utils | libcurl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
| stacklight/opensearch | org.apache.santuario:xmlsec | CVE-2022-47966 (Critical), CVE-2022-21476 (High) |
| stacklight/opensearch | org.slf4j:slf4j-api | CVE-2018-8088 (Critical) |
| stacklight/opensearch | glib2 | CVE-2018-16428 (High), CVE-2018-16429 (High) |
| stacklight/opensearch-dashboards | glib2 | CVE-2018-16428 (High), CVE-2018-16429 (High) |
| stacklight/pgbouncer | libpq | CVE-2023-2454 (High) |
| stacklight/pgbouncer | postgresql-client | CVE-2023-2454 (High) |
| stacklight/prometheus-libvirt-exporter | libcurl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
| stacklight/prometheus-patroni-exporter | ncurses-libs | CVE-2023-29491 (High) |
| stacklight/prometheus-patroni-exporter | ncurses-terminfo-base | CVE-2023-29491 (High) |
| stacklight/sf-notifier | flask | CVE-2023-30861 (High) |
| stacklight/stacklight-toolkit | curl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
| stacklight/stacklight-toolkit | libcurl | CVE-2023-28319 (High), CVE-2023-28321 (High), CVE-2023-28322 (High) |
| stacklight/telegraf | github.com/docker/docker | CVE-2023-28840 (High), CVE-2023-28840 (High) |