Skip to content

Commit

Permalink
Update 2024-11-19
Browse files Browse the repository at this point in the history
  • Loading branch information
@rancher-security-bot
rancher-security-bot committed Nov 19, 2024
1 parent 4b06aa1 commit 1d3b367
Show file tree
Hide file tree
Showing 44 changed files with 48,281 additions and 20,632 deletions.
43 changes: 42 additions & 1 deletion docs/csv/report-harvester-master-cves.csv
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
image,release,package_name,package_version,type,vulnerability_id,severity,url,target,patched_version,mirrored,status,justification
ghcr.io/kube-vip/kube-vip-iptables:v0.8.1,harvester/master,stdlib,v1.22.4,gobinary,CVE-2024-34156,HIGH,https://avd.aquasec.com/nvd/cve-2024-34156,kube-vip,"1.22.7, 1.23.1",false,affected,
longhornio/backing-image-manager:v1.7.2,harvester/master,qemu-img,8.2.6-150600.3.15.1,suse linux enterprise server,SUSE-SU-2024:3744-1,HIGH,,longhornio/backing-image-manager:v1.7.2 (suse linux enterprise server 15.6),8.2.7-15061.6.coco15sp6.1,false,affected,
longhornio/backing-image-manager:v1.7.2,harvester/master,qemu-pr-helper,8.2.6-150600.3.15.1,suse linux enterprise server,SUSE-SU-2024:3744-1,HIGH,,longhornio/backing-image-manager:v1.7.2 (suse linux enterprise server 15.6),8.2.7-15061.6.coco15sp6.1,false,affected,
longhornio/backing-image-manager:v1.7.2,harvester/master,qemu-tools,8.2.6-150600.3.15.1,suse linux enterprise server,SUSE-SU-2024:3744-1,HIGH,,longhornio/backing-image-manager:v1.7.2 (suse linux enterprise server 15.6),8.2.7-15061.6.coco15sp6.1,false,affected,
Expand Down Expand Up @@ -203,6 +202,48 @@ rancher/kubectl:v1.21.5,harvester/master,stdlib,v1.16.8,gobinary,CVE-2024-34156,
rancher/kubectl:v1.29.2,harvester/master,stdlib,v1.21.7,gobinary,CVE-2024-24790,CRITICAL,https://avd.aquasec.com/nvd/cve-2024-24790,bin/kubectl,"1.21.11, 1.22.4",false,affected,
rancher/kubectl:v1.29.2,harvester/master,stdlib,v1.21.7,gobinary,CVE-2023-45288,HIGH,https://avd.aquasec.com/nvd/cve-2023-45288,bin/kubectl,"1.21.9, 1.22.2",false,affected,
rancher/kubectl:v1.29.2,harvester/master,stdlib,v1.21.7,gobinary,CVE-2024-34156,HIGH,https://avd.aquasec.com/nvd/cve-2024-34156,bin/kubectl,"1.22.7, 1.23.1",false,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,curl,7.79.1-r1,alpine,CVE-2022-32207,CRITICAL,https://avd.aquasec.com/nvd/cve-2022-32207,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),7.79.1-r2,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,curl,7.79.1-r1,alpine,CVE-2023-23914,CRITICAL,https://avd.aquasec.com/nvd/cve-2023-23914,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),7.79.1-r5,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,curl,7.79.1-r1,alpine,CVE-2022-27781,HIGH,https://avd.aquasec.com/nvd/cve-2022-27781,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),7.79.1-r2,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,curl,7.79.1-r1,alpine,CVE-2022-27782,HIGH,https://avd.aquasec.com/nvd/cve-2022-27782,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),7.79.1-r2,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,curl,7.79.1-r1,alpine,CVE-2022-43551,HIGH,https://avd.aquasec.com/nvd/cve-2022-43551,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),7.79.1-r4,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,curl,7.79.1-r1,alpine,CVE-2023-27533,HIGH,https://avd.aquasec.com/nvd/cve-2023-27533,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),8.0.1-r0,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,curl,7.79.1-r1,alpine,CVE-2023-27534,HIGH,https://avd.aquasec.com/nvd/cve-2023-27534,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),8.0.1-r0,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,libcrypto1.1,1.1.1n-r0,alpine,CVE-2022-4450,HIGH,https://avd.aquasec.com/nvd/cve-2022-4450,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),1.1.1t-r0,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,libcrypto1.1,1.1.1n-r0,alpine,CVE-2023-0215,HIGH,https://avd.aquasec.com/nvd/cve-2023-0215,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),1.1.1t-r0,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,libcrypto1.1,1.1.1n-r0,alpine,CVE-2023-0286,HIGH,https://avd.aquasec.com/nvd/cve-2023-0286,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),1.1.1t-r0,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,libcrypto1.1,1.1.1n-r0,alpine,CVE-2023-0464,HIGH,https://avd.aquasec.com/nvd/cve-2023-0464,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),1.1.1t-r1,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,libcurl,7.79.1-r1,alpine,CVE-2022-32207,CRITICAL,https://avd.aquasec.com/nvd/cve-2022-32207,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),7.79.1-r2,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,libcurl,7.79.1-r1,alpine,CVE-2023-23914,CRITICAL,https://avd.aquasec.com/nvd/cve-2023-23914,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),7.79.1-r5,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,libcurl,7.79.1-r1,alpine,CVE-2022-27781,HIGH,https://avd.aquasec.com/nvd/cve-2022-27781,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),7.79.1-r2,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,libcurl,7.79.1-r1,alpine,CVE-2022-27782,HIGH,https://avd.aquasec.com/nvd/cve-2022-27782,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),7.79.1-r2,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,libcurl,7.79.1-r1,alpine,CVE-2022-43551,HIGH,https://avd.aquasec.com/nvd/cve-2022-43551,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),7.79.1-r4,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,libcurl,7.79.1-r1,alpine,CVE-2023-27533,HIGH,https://avd.aquasec.com/nvd/cve-2023-27533,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),8.0.1-r0,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,libcurl,7.79.1-r1,alpine,CVE-2023-27534,HIGH,https://avd.aquasec.com/nvd/cve-2023-27534,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),8.0.1-r0,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,libssl1.1,1.1.1n-r0,alpine,CVE-2022-4450,HIGH,https://avd.aquasec.com/nvd/cve-2022-4450,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),1.1.1t-r0,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,libssl1.1,1.1.1n-r0,alpine,CVE-2023-0215,HIGH,https://avd.aquasec.com/nvd/cve-2023-0215,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),1.1.1t-r0,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,libssl1.1,1.1.1n-r0,alpine,CVE-2023-0286,HIGH,https://avd.aquasec.com/nvd/cve-2023-0286,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),1.1.1t-r0,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,libssl1.1,1.1.1n-r0,alpine,CVE-2023-0464,HIGH,https://avd.aquasec.com/nvd/cve-2023-0464,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),1.1.1t-r1,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,ncurses-libs,6.2_p20210612-r0,alpine,CVE-2022-29458,HIGH,https://avd.aquasec.com/nvd/cve-2022-29458,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),6.2_p20210612-r1,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,ncurses-terminfo-base,6.2_p20210612-r0,alpine,CVE-2022-29458,HIGH,https://avd.aquasec.com/nvd/cve-2022-29458,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),6.2_p20210612-r1,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,ruby,2.7.6-r0,alpine,CVE-2021-33621,HIGH,https://avd.aquasec.com/nvd/cve-2021-33621,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),2.7.7-r0,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,ruby-etc,2.7.6-r0,alpine,CVE-2021-33621,HIGH,https://avd.aquasec.com/nvd/cve-2021-33621,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),2.7.7-r0,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,ruby-io-console,2.7.6-r0,alpine,CVE-2021-33621,HIGH,https://avd.aquasec.com/nvd/cve-2021-33621,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),2.7.7-r0,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,ruby-irb,2.7.6-r0,alpine,CVE-2021-33621,HIGH,https://avd.aquasec.com/nvd/cve-2021-33621,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),2.7.7-r0,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,ruby-libs,2.7.6-r0,alpine,CVE-2021-33621,HIGH,https://avd.aquasec.com/nvd/cve-2021-33621,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),2.7.7-r0,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,zlib,1.2.12-r1,alpine,CVE-2022-37434,CRITICAL,https://avd.aquasec.com/nvd/cve-2022-37434,rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5 (alpine 3.14.6),1.2.12-r2,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,activesupport,7.0.3,gemspec,CVE-2023-22796,HIGH,https://avd.aquasec.com/nvd/cve-2023-22796,Ruby,"~> 5.2.8, >= 5.2.8.15, ~> 6.1.7, >= 6.1.7.1, >= 7.0.4.1",true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,google-protobuf,3.20.1,gemspec,CVE-2024-7254,HIGH,https://avd.aquasec.com/nvd/cve-2024-7254,Ruby,"~> 3.25.5, ~> 4.27.5, >= 4.28.2",true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,kubeclient,4.9.1,gemspec,CVE-2022-0759,HIGH,https://avd.aquasec.com/nvd/cve-2022-0759,Ruby,>= 4.9.3,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,opensearch-ruby,1.0.0,gemspec,CVE-2022-31115,HIGH,https://avd.aquasec.com/nvd/cve-2022-31115,Ruby,>= 2.0.2,true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,rack,2.2.3,gemspec,CVE-2022-30123,CRITICAL,https://avd.aquasec.com/nvd/cve-2022-30123,Ruby,"~> 2.0.9, >= 2.0.9.1, ~> 2.1.4, >= 2.1.4.1, >= 2.2.3.1",true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,rack,2.2.3,gemspec,CVE-2022-30122,HIGH,https://avd.aquasec.com/nvd/cve-2022-30122,Ruby,"~> 2.0.9, >= 2.0.9.1, ~> 2.1.4, >= 2.1.4.1, >= 2.2.3.1",true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,rack,2.2.3,gemspec,CVE-2022-44570,HIGH,https://avd.aquasec.com/nvd/cve-2022-44570,Ruby,"~> 2.0.9, >= 2.0.9.2, ~> 2.1.4, >= 2.1.4.2, ~> 2.2.6, >= 2.2.6.2, >= 3.0.4.1",true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,rack,2.2.3,gemspec,CVE-2022-44571,HIGH,https://avd.aquasec.com/nvd/cve-2022-44571,Ruby,"~> 2.0.9, >= 2.0.9.2, ~> 2.1.4, >= 2.1.4.2, ~> 2.2.6, >= 2.2.6.1, >= 3.0.4.1",true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,rack,2.2.3,gemspec,CVE-2022-44572,HIGH,https://avd.aquasec.com/nvd/cve-2022-44572,Ruby,"~> 2.0.9, >= 2.0.9.2, ~> 2.1.4, >= 2.1.4.2, ~> 2.2.6, >= 2.2.6.1, >= 3.0.4.1",true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,rack,2.2.3,gemspec,CVE-2023-27530,HIGH,https://avd.aquasec.com/nvd/cve-2023-27530,Ruby,"~> 2.0.9, >= 2.0.9.3, ~> 2.1.4, >= 2.1.4.3, ~> 2.2.6, >= 2.2.6.3, >= 3.0.4.2",true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,tzinfo,1.2.7,gemspec,CVE-2022-31163,HIGH,https://avd.aquasec.com/nvd/cve-2022-31163,Ruby,"~> 0.3.61, >= 1.2.10",true,affected,
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,harvester/master,webrick,1.7.0,gemspec,CVE-2024-47220,HIGH,https://avd.aquasec.com/nvd/cve-2024-47220,Ruby,>= 1.8.2,true,affected,
rancher/mirrored-cluster-api-controller:v1.7.3,harvester/master,stdlib,v1.21.11,gobinary,CVE-2024-34156,HIGH,https://avd.aquasec.com/nvd/cve-2024-34156,manager,"1.22.7, 1.23.1",true,affected,
rancher/mirrored-fluent-fluent-bit:2.2.0,harvester/master,libc6,2.31-13+deb11u7,debian,CVE-2024-2961,HIGH,https://avd.aquasec.com/nvd/cve-2024-2961,rancher/mirrored-fluent-fluent-bit:2.2.0 (debian 11.8),2.31-13+deb11u9,true,affected,
rancher/mirrored-fluent-fluent-bit:2.2.0,harvester/master,libc6,2.31-13+deb11u7,debian,CVE-2024-33599,HIGH,https://avd.aquasec.com/nvd/cve-2024-33599,rancher/mirrored-fluent-fluent-bit:2.2.0 (debian 11.8),2.31-13+deb11u10,true,affected,
Expand Down
4 changes: 2 additions & 2 deletions docs/csv/report-harvester-master-stats.csv
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
image,critical,high,total
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.6.3,0,0,0
ghcr.io/kube-vip/kube-vip-iptables:v0.8.1,0,1,1
ghcr.io/kube-vip/kube-vip-iptables:v0.8.1,0,0,0
longhornio/backing-image-manager:v1.7.2,0,3,3
longhornio/csi-attacher:v4.7.0,0,1,1
longhornio/csi-node-driver-registrar:v2.12.0,0,1,1
Expand Down Expand Up @@ -52,7 +52,7 @@ rancher/klipper-lb:v0.4.9,0,0,0
rancher/kubectl:v1.20.2,4,43,47
rancher/kubectl:v1.21.5,4,38,42
rancher/kubectl:v1.29.2,1,2,3
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,0,0,0
rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5,6,36,42
rancher/mirrored-cluster-api-controller:v1.7.3,0,1,1
rancher/mirrored-fluent-fluent-bit:2.2.0,5,16,21
rancher/mirrored-grafana-grafana:9.1.5,9,69,78
Expand Down
Loading

0 comments on commit 1d3b367

Please sign in to comment.