Security notes

In total, in the MOSK 23.2.1 release, 43 Common Vulnerabilities and Exposures (CVE) with high severity have been fixed.

The full list of the CVEs present in the current MOSK release is available at the Mirantis Security Portal.

Addressed CVEs - summary

Severity

Critical

High

Total

Unique CVEs

0

10

10

Total issues across images

0

43

43
Addressed CVEs - detailed

Image

Component name

CVE

ceph/rook

python3

CVE-2023-24329 (High)

python3-devel

CVE-2023-24329 (High)

python3-libs

CVE-2023-24329 (High)

cryptography

CVE-2023-38325 (High)

mirantis/ceph

cryptography

CVE-2023-2650 (High)

mirantis/cephcsi

python3

CVE-2023-24329 (High)

python3-devel

CVE-2023-24329 (High)

python3-libs

CVE-2023-24329 (High)

cryptography

CVE-2023-38325 (High)

openstack/aodh

cryptography

CVE-2023-38325 (High)

openstack/barbican

cryptography

CVE-2023-38325 (High)

openstack/ceilometer

cryptography

CVE-2023-38325 (High)

openstack/cinder

cryptography

CVE-2023-38325 (High)

openstack/designate

cryptography

CVE-2023-38325 (High)

openstack/extra/powerdns

libpq

CVE-2023-39417 (High)

openstack/glance

cryptography

CVE-2023-38325 (High)

openstack/gnocchi

cryptography

CVE-2023-38325 (High)

openstack/heat

cryptography

CVE-2023-38325 (High)

openstack/horizon

cryptography

CVE-2023-38325 (High)

openstack/ironic

cryptography

CVE-2023-38325 (High)

openstack/ironic-inspector

cryptography

CVE-2023-38325 (High)

openstack/keystone

cryptography

CVE-2023-38325 (High)

openstack/manila

cryptography

CVE-2023-38325 (High)

openstack/masakari

cryptography

CVE-2023-38325 (High)

openstack/masakari-monitors

cryptography

CVE-2023-38325 (High)

openstack/neutron

cryptography

CVE-2023-38325 (High)

openstack/nova

cryptography

CVE-2023-38325 (High)

openstack/octavia

cryptography

CVE-2023-38325 (High)

openstack/openstack-tools

cryptography

CVE-2023-38325 (High)

openstack/panko

cryptography

CVE-2023-38325 (High)

openstack/placement

cryptography

CVE-2023-38325 (High)

openstack/tempest

cryptography

CVE-2023-38325 (High)

stacklight/alpine-utils

nghttp2-libs

CVE-2023-35945 (High)

stacklight/cadvisor

github.com/docker/docker

CVE-2023-28840 (High)

github.com/opencontainers/runc

CVE-2023-28642 (High)

golang.org/x/net

CVE-2022-41723 (High)

stacklight/grafana

nghttp2-libs

CVE-2023-35945 (High)

stacklight/metricbeat

bind-license

CVE-2023-2828 (High)

stacklight/opensearch

libnghttp2

CVE-2023-35945 (High)

stacklight/opensearch-dashboards

libnghttp2

CVE-2023-35945 (High)

stacklight/prometheus-libvirt-exporter

nghttp2-libs

CVE-2023-35945 (High)

stacklight/stacklight-toolkit

nghttp2-libs

CVE-2023-35945 (High)

stacklight/telegraf

github.com/snowflakedb/gosnowflake

CVE-2023-34231 (High)