Security notes¶
In total, in the MOSK 23.2.1 release, 43 Common Vulnerabilities and Exposures (CVE) with high severity have been fixed.
The full list of the CVEs present in the current MOSK release is available at the Mirantis Security Portal.
Severity |
Critical |
High |
Total |
---|---|---|---|
Unique CVEs |
0 |
10 |
10 |
Total issues across images |
0 |
43 |
43 |
Image |
Component name |
CVE |
---|---|---|
ceph/rook |
python3 |
CVE-2023-24329 (High) |
python3-devel |
CVE-2023-24329 (High) |
|
python3-libs |
CVE-2023-24329 (High) |
|
cryptography |
CVE-2023-38325 (High) |
|
mirantis/ceph |
cryptography |
CVE-2023-2650 (High) |
mirantis/cephcsi |
python3 |
CVE-2023-24329 (High) |
python3-devel |
CVE-2023-24329 (High) |
|
python3-libs |
CVE-2023-24329 (High) |
|
cryptography |
CVE-2023-38325 (High) |
|
openstack/aodh |
cryptography |
CVE-2023-38325 (High) |
openstack/barbican |
cryptography |
CVE-2023-38325 (High) |
openstack/ceilometer |
cryptography |
CVE-2023-38325 (High) |
openstack/cinder |
cryptography |
CVE-2023-38325 (High) |
openstack/designate |
cryptography |
CVE-2023-38325 (High) |
openstack/extra/powerdns |
libpq |
CVE-2023-39417 (High) |
openstack/glance |
cryptography |
CVE-2023-38325 (High) |
openstack/gnocchi |
cryptography |
CVE-2023-38325 (High) |
openstack/heat |
cryptography |
CVE-2023-38325 (High) |
openstack/horizon |
cryptography |
CVE-2023-38325 (High) |
openstack/ironic |
cryptography |
CVE-2023-38325 (High) |
openstack/ironic-inspector |
cryptography |
CVE-2023-38325 (High) |
openstack/keystone |
cryptography |
CVE-2023-38325 (High) |
openstack/manila |
cryptography |
CVE-2023-38325 (High) |
openstack/masakari |
cryptography |
CVE-2023-38325 (High) |
openstack/masakari-monitors |
cryptography |
CVE-2023-38325 (High) |
openstack/neutron |
cryptography |
CVE-2023-38325 (High) |
openstack/nova |
cryptography |
CVE-2023-38325 (High) |
openstack/octavia |
cryptography |
CVE-2023-38325 (High) |
openstack/openstack-tools |
cryptography |
CVE-2023-38325 (High) |
openstack/panko |
cryptography |
CVE-2023-38325 (High) |
openstack/placement |
cryptography |
CVE-2023-38325 (High) |
openstack/tempest |
cryptography |
CVE-2023-38325 (High) |
stacklight/alpine-utils |
nghttp2-libs |
CVE-2023-35945 (High) |
stacklight/cadvisor |
github.com/docker/docker |
CVE-2023-28840 (High) |
github.com/opencontainers/runc |
CVE-2023-28642 (High) |
|
golang.org/x/net |
CVE-2022-41723 (High) |
|
stacklight/grafana |
nghttp2-libs |
CVE-2023-35945 (High) |
stacklight/metricbeat |
bind-license |
CVE-2023-2828 (High) |
stacklight/opensearch |
libnghttp2 |
CVE-2023-35945 (High) |
stacklight/opensearch-dashboards |
libnghttp2 |
CVE-2023-35945 (High) |
stacklight/prometheus-libvirt-exporter |
nghttp2-libs |
CVE-2023-35945 (High) |
stacklight/stacklight-toolkit |
nghttp2-libs |
CVE-2023-35945 (High) |
stacklight/telegraf |
github.com/snowflakedb/gosnowflake |
CVE-2023-34231 (High) |