Skip to content

Commit

Permalink
Update 2025-02-27
Browse files Browse the repository at this point in the history
  • Loading branch information
@rancher-security-bot
rancher-security-bot committed Feb 27, 2025
1 parent b6a2b27 commit 1350fca
Show file tree
Hide file tree
Showing 28 changed files with 636 additions and 2,679 deletions.
12 changes: 6 additions & 6 deletions docs/csv/report-harvester-master-cves.csv
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
image,release,package_name,package_version,type,vulnerability_id,severity,url,target,patched_version,mirrored,status,justification
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.7.0,harvester/master,golang.org/x/net,v0.20.0,gobinary,CVE-2024-45338,MEDIUM,https://avd.aquasec.com/nvd/cve-2024-45338,ip-control-loop,0.33.0,false,affected,severity_changed_due_to_suse_cvss_score
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.7.0,harvester/master,stdlib,v1.21.9,gobinary,CVE-2024-24790,MEDIUM,https://avd.aquasec.com/nvd/cve-2024-24790,ip-control-loop,"1.21.11, 1.22.4",false,affected,severity_changed_due_to_suse_cvss_score
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.7.0,harvester/master,stdlib,v1.21.9,gobinary,CVE-2024-34156,MEDIUM,https://avd.aquasec.com/nvd/cve-2024-34156,ip-control-loop,"1.22.7, 1.23.1",false,affected,severity_changed_due_to_suse_cvss_score
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.7.0,harvester/master,golang.org/x/net,v0.20.0,gobinary,CVE-2024-45338,MEDIUM,https://avd.aquasec.com/nvd/cve-2024-45338,whereabouts,0.33.0,false,affected,severity_changed_due_to_suse_cvss_score
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.7.0,harvester/master,stdlib,v1.21.9,gobinary,CVE-2024-24790,MEDIUM,https://avd.aquasec.com/nvd/cve-2024-24790,whereabouts,"1.21.11, 1.22.4",false,affected,severity_changed_due_to_suse_cvss_score
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.7.0,harvester/master,stdlib,v1.21.9,gobinary,CVE-2024-34156,MEDIUM,https://avd.aquasec.com/nvd/cve-2024-34156,whereabouts,"1.22.7, 1.23.1",false,affected,severity_changed_due_to_suse_cvss_score
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.8.0,harvester/master,libcrypto3,3.3.1-r3,alpine,CVE-2024-12797,HIGH,https://avd.aquasec.com/nvd/cve-2024-12797,ghcr.io/k8snetworkplumbingwg/whereabouts:v0.8.0 (alpine 3.20.2),3.3.3-r0,false,affected,
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.8.0,harvester/master,libssl3,3.3.1-r3,alpine,CVE-2024-12797,HIGH,https://avd.aquasec.com/nvd/cve-2024-12797,ghcr.io/k8snetworkplumbingwg/whereabouts:v0.8.0 (alpine 3.20.2),3.3.3-r0,false,affected,
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.8.0,harvester/master,golang.org/x/net,v0.24.0,gobinary,CVE-2024-45338,MEDIUM,https://avd.aquasec.com/nvd/cve-2024-45338,ip-control-loop,0.33.0,false,affected,severity_changed_due_to_suse_cvss_score
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.8.0,harvester/master,stdlib,v1.21.12,gobinary,CVE-2024-34156,MEDIUM,https://avd.aquasec.com/nvd/cve-2024-34156,ip-control-loop,"1.22.7, 1.23.1",false,affected,severity_changed_due_to_suse_cvss_score
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.8.0,harvester/master,golang.org/x/net,v0.24.0,gobinary,CVE-2024-45338,MEDIUM,https://avd.aquasec.com/nvd/cve-2024-45338,whereabouts,0.33.0,false,affected,severity_changed_due_to_suse_cvss_score
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.8.0,harvester/master,stdlib,v1.21.12,gobinary,CVE-2024-34156,MEDIUM,https://avd.aquasec.com/nvd/cve-2024-34156,whereabouts,"1.22.7, 1.23.1",false,affected,severity_changed_due_to_suse_cvss_score
ghcr.io/kube-vip/kube-vip-iptables:v0.8.1,harvester/master,libcrypto3,3.3.1-r0,alpine,CVE-2024-12797,HIGH,https://avd.aquasec.com/nvd/cve-2024-12797,ghcr.io/kube-vip/kube-vip-iptables:v0.8.1 (alpine 3.20.0),3.3.3-r0,false,affected,
ghcr.io/kube-vip/kube-vip-iptables:v0.8.1,harvester/master,libssl3,3.3.1-r0,alpine,CVE-2024-12797,HIGH,https://avd.aquasec.com/nvd/cve-2024-12797,ghcr.io/kube-vip/kube-vip-iptables:v0.8.1 (alpine 3.20.0),3.3.3-r0,false,affected,
ghcr.io/kube-vip/kube-vip-iptables:v0.8.1,harvester/master,stdlib,v1.22.4,gobinary,CVE-2024-34156,MEDIUM,https://avd.aquasec.com/nvd/cve-2024-34156,kube-vip,"1.22.7, 1.23.1",false,affected,severity_changed_due_to_suse_cvss_score
Expand Down
2 changes: 1 addition & 1 deletion docs/csv/report-harvester-master-stats.csv
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
image,critical,high,total
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.7.0,0,0,0
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.8.0,0,2,2
ghcr.io/kube-vip/kube-vip-iptables:v0.8.1,0,2,2
longhornio/backing-image-manager:v1.8.1-rc1,0,0,0
longhornio/csi-attacher:v4.8.0,0,0,0
Expand Down
89 changes: 0 additions & 89 deletions docs/csv/report-longhorn-v1.7.2-cves.csv
View file

This file was deleted.

15 changes: 0 additions & 15 deletions docs/csv/report-longhorn-v1.7.2-stats.csv
View file

This file was deleted.

6 changes: 6 additions & 0 deletions docs/csv/report-longhorn-v1.7.3-cves.csv
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
image,release,package_name,package_version,type,vulnerability_id,severity,url,target,patched_version,mirrored,status,justification
longhornio/csi-attacher:v4.8.0,longhorn/v1.7.3,golang.org/x/net,v0.32.0,gobinary,CVE-2024-45338,HIGH,https://avd.aquasec.com/nvd/cve-2024-45338,csi-attacher,0.33.0,false,not_affected,vulnerable_code_not_present
longhornio/csi-node-driver-registrar:v2.13.0,longhorn/v1.7.3,golang.org/x/net,v0.32.0,gobinary,CVE-2024-45338,HIGH,https://avd.aquasec.com/nvd/cve-2024-45338,csi-node-driver-registrar,0.33.0,false,not_affected,vulnerable_code_not_present
longhornio/csi-provisioner:v4.0.1-20250204,longhorn/v1.7.3,golang.org/x/net,v0.19.0,gobinary,CVE-2024-45338,HIGH,https://avd.aquasec.com/nvd/cve-2024-45338,csi-provisioner,0.33.0,false,not_affected,vulnerable_code_not_present
longhornio/csi-snapshotter:v7.0.2-20250204,longhorn/v1.7.3,golang.org/x/net,v0.20.0,gobinary,CVE-2024-45338,HIGH,https://avd.aquasec.com/nvd/cve-2024-45338,csi-snapshotter,0.33.0,false,not_affected,vulnerable_code_not_present
longhornio/livenessprobe:v2.15.0,longhorn/v1.7.3,golang.org/x/net,v0.32.0,gobinary,CVE-2024-45338,HIGH,https://avd.aquasec.com/nvd/cve-2024-45338,livenessprobe,0.33.0,false,not_affected,vulnerable_code_not_present
15 changes: 15 additions & 0 deletions docs/csv/report-longhorn-v1.7.3-stats.csv
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
image,critical,high,total
longhornio/backing-image-manager:v1.7.3,0,0,0
longhornio/csi-attacher:v4.8.0,0,0,0
longhornio/csi-node-driver-registrar:v2.13.0,0,0,0
longhornio/csi-provisioner:v4.0.1-20250204,0,0,0
longhornio/csi-resizer:v1.13.1,0,0,0
longhornio/csi-snapshotter:v7.0.2-20250204,0,0,0
longhornio/livenessprobe:v2.15.0,0,0,0
longhornio/longhorn-cli:v1.7.3,0,0,0
longhornio/longhorn-engine:v1.7.3,0,0,0
longhornio/longhorn-instance-manager:v1.7.3,0,0,0
longhornio/longhorn-manager:v1.7.3,0,0,0
longhornio/longhorn-share-manager:v1.7.3,0,0,0
longhornio/longhorn-ui:v1.7.3,0,0,0
longhornio/support-bundle-kit:v0.0.51,0,0,0
6 changes: 3 additions & 3 deletions docs/csv/report-rancher-v2.10-head-cves.csv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3112,6 +3112,6 @@ rancher/system-upgrade-controller:v0.13.4,rancher/v2.10-head,stdlib,v1.20.13,gob
rancher/system-upgrade-controller:v0.13.4,rancher/v2.10-head,stdlib,v1.20.13,gobinary,CVE-2024-34156,MEDIUM,https://avd.aquasec.com/nvd/cve-2024-34156,bin/system-upgrade-controller,"1.22.7, 1.23.1",false,affected,severity_changed_due_to_suse_cvss_score
rancher/system-upgrade-controller:v0.13.4,rancher/v2.10-head,golang.org/x/net,v0.17.0,gobinary,CVE-2024-45338,HIGH,https://avd.aquasec.com/nvd/cve-2024-45338,bin/system-upgrade-controller,0.33.0,false,not_affected,vulnerable_code_not_in_execute_path
rancher/system-upgrade-controller:v0.14.2,rancher/v2.10-head,golang.org/x/net,v0.28.0,gobinary,CVE-2024-45338,HIGH,https://avd.aquasec.com/nvd/cve-2024-45338,bin/system-upgrade-controller,0.33.0,false,not_affected,vulnerable_code_not_in_execute_path
rancher/ui-plugin-catalog:3.3.3,rancher/v2.10-head,libtasn1,4.13-150000.4.8.1,sles,SUSE-SU-2025:0548-1,HIGH,,rancher/ui-plugin-catalog:3.3.3 (sles 15.5),4.13-150000.4.11.1,false,affected,
rancher/ui-plugin-catalog:3.3.3,rancher/v2.10-head,libtasn1-6,4.13-150000.4.8.1,sles,SUSE-SU-2025:0548-1,HIGH,,rancher/ui-plugin-catalog:3.3.3 (sles 15.5),4.13-150000.4.11.1,false,affected,
rancher/ui-plugin-catalog:3.3.3,rancher/v2.10-head,libxml2-2,2.10.3-150500.5.17.1,sles,SUSE-SU-2025:0348-1,HIGH,,rancher/ui-plugin-catalog:3.3.3 (sles 15.5),2.10.3-150500.5.20.1,false,affected,
rancher/ui-plugin-catalog:3.4.0,rancher/v2.10-head,libtasn1,4.13-150000.4.8.1,sles,SUSE-SU-2025:0548-1,HIGH,,rancher/ui-plugin-catalog:3.4.0 (sles 15.5),4.13-150000.4.11.1,false,affected,
rancher/ui-plugin-catalog:3.4.0,rancher/v2.10-head,libtasn1-6,4.13-150000.4.8.1,sles,SUSE-SU-2025:0548-1,HIGH,,rancher/ui-plugin-catalog:3.4.0 (sles 15.5),4.13-150000.4.11.1,false,affected,
rancher/ui-plugin-catalog:3.4.0,rancher/v2.10-head,libxml2-2,2.10.3-150500.5.17.1,sles,SUSE-SU-2025:0348-1,HIGH,,rancher/ui-plugin-catalog:3.4.0 (sles 15.5),2.10.3-150500.5.20.1,false,affected,
2 changes: 1 addition & 1 deletion docs/csv/report-rancher-v2.10-head-stats.csv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -375,4 +375,4 @@ rancher/system-agent-installer-rke2:v1.31.5-rke2r1,0,0,0
rancher/system-agent:v0.3.11-suc,0,0,0
rancher/system-upgrade-controller:v0.13.4,0,0,0
rancher/system-upgrade-controller:v0.14.2,0,0,0
rancher/ui-plugin-catalog:3.3.3,0,3,3
rancher/ui-plugin-catalog:3.4.0,0,3,3
6 changes: 3 additions & 3 deletions docs/csv/report-rancher-v2.10.2-cves.csv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3115,6 +3115,6 @@ rancher/system-upgrade-controller:v0.13.4,rancher/v2.10.2,stdlib,v1.20.13,gobina
rancher/system-upgrade-controller:v0.13.4,rancher/v2.10.2,stdlib,v1.20.13,gobinary,CVE-2024-34156,MEDIUM,https://avd.aquasec.com/nvd/cve-2024-34156,bin/system-upgrade-controller,"1.22.7, 1.23.1",false,affected,severity_changed_due_to_suse_cvss_score
rancher/system-upgrade-controller:v0.13.4,rancher/v2.10.2,golang.org/x/net,v0.17.0,gobinary,CVE-2024-45338,HIGH,https://avd.aquasec.com/nvd/cve-2024-45338,bin/system-upgrade-controller,0.33.0,false,not_affected,vulnerable_code_not_in_execute_path
rancher/system-upgrade-controller:v0.14.2,rancher/v2.10.2,golang.org/x/net,v0.28.0,gobinary,CVE-2024-45338,HIGH,https://avd.aquasec.com/nvd/cve-2024-45338,bin/system-upgrade-controller,0.33.0,false,not_affected,vulnerable_code_not_in_execute_path
rancher/ui-plugin-catalog:3.3.3,rancher/v2.10.2,libtasn1,4.13-150000.4.8.1,sles,SUSE-SU-2025:0548-1,HIGH,,rancher/ui-plugin-catalog:3.3.3 (sles 15.5),4.13-150000.4.11.1,false,affected,
rancher/ui-plugin-catalog:3.3.3,rancher/v2.10.2,libtasn1-6,4.13-150000.4.8.1,sles,SUSE-SU-2025:0548-1,HIGH,,rancher/ui-plugin-catalog:3.3.3 (sles 15.5),4.13-150000.4.11.1,false,affected,
rancher/ui-plugin-catalog:3.3.3,rancher/v2.10.2,libxml2-2,2.10.3-150500.5.17.1,sles,SUSE-SU-2025:0348-1,HIGH,,rancher/ui-plugin-catalog:3.3.3 (sles 15.5),2.10.3-150500.5.20.1,false,affected,
rancher/ui-plugin-catalog:3.4.0,rancher/v2.10.2,libtasn1,4.13-150000.4.8.1,sles,SUSE-SU-2025:0548-1,HIGH,,rancher/ui-plugin-catalog:3.4.0 (sles 15.5),4.13-150000.4.11.1,false,affected,
rancher/ui-plugin-catalog:3.4.0,rancher/v2.10.2,libtasn1-6,4.13-150000.4.8.1,sles,SUSE-SU-2025:0548-1,HIGH,,rancher/ui-plugin-catalog:3.4.0 (sles 15.5),4.13-150000.4.11.1,false,affected,
rancher/ui-plugin-catalog:3.4.0,rancher/v2.10.2,libxml2-2,2.10.3-150500.5.17.1,sles,SUSE-SU-2025:0348-1,HIGH,,rancher/ui-plugin-catalog:3.4.0 (sles 15.5),2.10.3-150500.5.20.1,false,affected,
2 changes: 1 addition & 1 deletion docs/csv/report-rancher-v2.10.2-stats.csv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -374,4 +374,4 @@ rancher/system-agent-installer-rke2:v1.31.5-rke2r1,0,0,0
rancher/system-agent:v0.3.11-suc,0,0,0
rancher/system-upgrade-controller:v0.13.4,0,0,0
rancher/system-upgrade-controller:v0.14.2,0,0,0
rancher/ui-plugin-catalog:3.3.3,0,3,3
rancher/ui-plugin-catalog:3.4.0,0,3,3
Loading

0 comments on commit 1350fca

Please sign in to comment.