Security notes
In total, 18 Common Vulnerabilities and Exposures (CVE) have been fixed
in Container Cloud 2.24.4 since 2.24.3:
3 of critical and 15 of high severity.
The summary table contains the total number of unique CVEs along with the
total number of issues fixed across the images.
The full list of the CVEs present in the current Container Cloud release is
available at the Mirantis Security Portal.
Addressed CVEs - summary
| Severity | Critical | High | Total |
|---|---|---|---|
| Unique CVEs | 1 | 10 | 11 |
| Total issues across images | 3 | 15 | 18 |
Addressed CVEs - detailed
| Image | Component name | CVE |
|---|---|---|
| iam/keycloak-gatekeeper | golang.org/x/crypto | CVE-2021-43565 (High) |
| | | CVE-2022-27191 (High) |
| | | CVE-2020-29652 (High) |
| | golang.org/x/net | CVE-2022-27664 (High) |
| | | CVE-2021-33194 (High) |
| | golang.org/x/text | CVE-2021-38561 (High) |
| | | CVE-2022-32149 (High) |
| | github.com/prometheus/client_golang | CVE-2022-21698 (High) |
| scale/psql-client | busybox | CVE-2022-48174 (Critical) |
| | busybox-binsh | CVE-2022-48174 (Critical) |
| | ssl_client | CVE-2022-48174 (Critical) |
| | libpq | CVE-2023-39417 (High) |
| | postgresql13-client | CVE-2023-39417 (High) |
| stacklight/alerta-web | grpcio | CVE-2023-33953 (High) |
| | libpq | CVE-2023-39417 (High) |
| | postgresql15-client | CVE-2023-39417 (High) |
| stacklight/pgbouncer | libpq | CVE-2023-39417 (High) |
| | postgresql-client | CVE-2023-39417 (High) |