Security notes

In total, in the MOSK 23.2.2 release, 72 Common Vulnerabilities and Exposures (CVE) have been fixed: 8 of critical and 64 of high severity.

The full list of the CVEs present in the current MOSK release is available at the Mirantis Security Portal.

Addressed CVEs - summary

| Severity | Critical | High | Total |
|---|---|---|---|
| Unique CVEs | 2 | 19 | 21 |
| Total issues across images | 8 | 64 | 72 |

Addressed CVEs - detailed

| Image | Component name | CVE |
|---|---|---|
| general/openvswitch | linux-libc-dev | CVE-2023-20593 (High), CVE-2023-3609 (High), CVE-2023-3611 (High), CVE-2023-3776 (High) |
| general/openvswitch-dpdk | linux-libc-dev | CVE-2023-20593 (High), CVE-2023-3609 (High), CVE-2023-3611 (High), CVE-2023-3776 (High) |
| iam/keycloak-gatekeeper | golang.org/x/crypto | CVE-2021-43565 (High), CVE-2020-29652 (High), CVE-2022-27191 (High) |
| iam/keycloak-gatekeeper | golang.org/x/net | CVE-2021-33194 (High), CVE-2022-27664 (High) |
| iam/keycloak-gatekeeper | golang.org/x/text | CVE-2021-38561 (High), CVE-2022-32149 (High) |
| iam/keycloak-gatekeeper | github.com/prometheus/client_golang | CVE-2022-21698 (High) |
| openstack/aodh | grpcio | CVE-2023-33953 (High), CVE-2023-33953 (High) |
| openstack/barbican | linux-libc-dev | CVE-2023-20593 (High), CVE-2023-3609 (High), CVE-2023-3611 (High), CVE-2023-3776 (High), CVE-2023-20593 (High), CVE-2023-3609 (High), CVE-2023-3611 (High), CVE-2023-3776 (High) |
| openstack/ceilometer | grpcio | CVE-2023-33953 (High), CVE-2023-33953 (High) |
| openstack/designate | Werkzeug | CVE-2022-29361 (Critical), CVE-2023-25577 (High) |
| openstack/designate | Flask | CVE-2023-30861 (High) |
| openstack/gnocchi | Werkzeug | CVE-2022-29361 (Critical), CVE-2023-25577 (High) |
| openstack/gnocchi | grpcio | CVE-2023-33953 (High), CVE-2023-33953 (High) |
| openstack/ironic-inspector | Werkzeug | CVE-2022-29361 (Critical), CVE-2023-25577 (High) |
| openstack/ironic-inspector | Flask | CVE-2023-30861 (High) |
| openstack/keystone | Werkzeug | CVE-2022-29361 (Critical), CVE-2023-25577 (High) |
| openstack/keystone | Flask | CVE-2023-30861 (High) |
| openstack/octavia | Werkzeug | CVE-2022-29361 (Critical), CVE-2023-25577 (High) |
| openstack/octavia | Flask | CVE-2023-30861 (High) |
| openstack/panko | grpcio | CVE-2023-33953 (High) |
| openstack/stepler | linux-libc-dev | CVE-2023-20593 (High), CVE-2023-3609 (High), CVE-2023-3611 (High), CVE-2023-3776 (High), CVE-2023-20593 (High), CVE-2023-3609 (High), CVE-2023-3611 (High), CVE-2023-3776 (High) |
| openstack/stepler | cryptography | CVE-2023-38325 (High), CVE-2023-38325 (High) |
| scale/psql-client | busybox | CVE-2022-48174 (Critical) |
| scale/psql-client | busybox-binsh | CVE-2022-48174 (Critical) |
| scale/psql-client | ssl_client | CVE-2022-48174 (Critical) |
| scale/psql-client | libpq | CVE-2023-39417 (High) |
| scale/psql-client | postgresql13-client | CVE-2023-39417 (High) |
| stacklight/alerta-web | grpcio | CVE-2023-33953 (High) |
| stacklight/alerta-web | libpq | CVE-2023-39417 (High) |
| stacklight/alerta-web | postgresql15-client | CVE-2023-39417 (High) |
| stacklight/pgbouncer | libpq | CVE-2023-39417 (High) |
| stacklight/pgbouncer | postgresql-client | CVE-2023-39417 (High) |
| tungsten/cass-config-builder | cups-libs | CVE-2023-32360 (High) |
| tungsten/tf-cli | dnf-plugin-subscription-manager | CVE-2023-3899 (High) |
| tungsten/tf-cli | python3-cloud-what | CVE-2023-3899 (High) |
| tungsten/tf-cli | python3-subscription-manager-rhsm | CVE-2023-3899 (High) |
| tungsten/tf-cli | python3-syspurpose | CVE-2023-3899 (High) |
| tungsten/tf-cli | subscription-manager | CVE-2023-3899 (High) |
| tungsten/tf-cli | subscription-manager-rhsm-certificates | CVE-2023-3899 (High) |