Update 2024-11-29

rancher · Nov 29, 2024 · 2876ae3 · 2876ae3
1 parent cbdb05b
commit 2876ae3
Show file tree

Hide file tree

Showing 67 changed files with 30,215 additions and 59,263 deletions.
diff --git a/docs/csv/report-harvester-master-cves.csv b/docs/csv/report-harvester-master-cves.csv
@@ -1,10 +1,4 @@
 image,release,package_name,package_version,type,vulnerability_id,severity,url,target,patched_version,mirrored,status,justification
-ghcr.io/k8snetworkplumbingwg/whereabouts:v0.6.3,harvester/master,stdlib,v1.20.12,gobinary,CVE-2024-24790,CRITICAL,https://avd.aquasec.com/nvd/cve-2024-24790,ip-control-loop,"1.21.11, 1.22.4",false,affected,
-ghcr.io/k8snetworkplumbingwg/whereabouts:v0.6.3,harvester/master,stdlib,v1.20.12,gobinary,CVE-2023-45288,HIGH,https://avd.aquasec.com/nvd/cve-2023-45288,ip-control-loop,"1.21.9, 1.22.2",false,affected,
-ghcr.io/k8snetworkplumbingwg/whereabouts:v0.6.3,harvester/master,stdlib,v1.20.12,gobinary,CVE-2024-34156,HIGH,https://avd.aquasec.com/nvd/cve-2024-34156,ip-control-loop,"1.22.7, 1.23.1",false,affected,
-ghcr.io/k8snetworkplumbingwg/whereabouts:v0.6.3,harvester/master,stdlib,v1.20.12,gobinary,CVE-2024-24790,CRITICAL,https://avd.aquasec.com/nvd/cve-2024-24790,whereabouts,"1.21.11, 1.22.4",false,affected,
-ghcr.io/k8snetworkplumbingwg/whereabouts:v0.6.3,harvester/master,stdlib,v1.20.12,gobinary,CVE-2023-45288,HIGH,https://avd.aquasec.com/nvd/cve-2023-45288,whereabouts,"1.21.9, 1.22.2",false,affected,
-ghcr.io/k8snetworkplumbingwg/whereabouts:v0.6.3,harvester/master,stdlib,v1.20.12,gobinary,CVE-2024-34156,HIGH,https://avd.aquasec.com/nvd/cve-2024-34156,whereabouts,"1.22.7, 1.23.1",false,affected,
 ghcr.io/kube-vip/kube-vip-iptables:v0.8.1,harvester/master,stdlib,v1.22.4,gobinary,CVE-2024-34156,HIGH,https://avd.aquasec.com/nvd/cve-2024-34156,kube-vip,"1.22.7, 1.23.1",false,affected,
 longhornio/backing-image-manager:v1.7.2,harvester/master,qemu-img,8.2.6-150600.3.15.1,suse linux enterprise server,SUSE-SU-2024:3744-1,HIGH,,longhornio/backing-image-manager:v1.7.2 (suse linux enterprise server 15.6),8.2.7-15061.6.coco15sp6.1,false,affected,
 longhornio/backing-image-manager:v1.7.2,harvester/master,qemu-pr-helper,8.2.6-150600.3.15.1,suse linux enterprise server,SUSE-SU-2024:3744-1,HIGH,,longhornio/backing-image-manager:v1.7.2 (suse linux enterprise server 15.6),8.2.7-15061.6.coco15sp6.1,false,affected,
@@ -50,6 +44,7 @@ rancher/hardened-dns-node-cache:1.23.1-build20240910,harvester/master,github.com
 rancher/hardened-dns-node-cache:1.23.1-build20240910,harvester/master,k8s.io/kubernetes,v1.26.10,gobinary,CVE-2023-5528,HIGH,https://avd.aquasec.com/nvd/cve-2023-5528,node-cache,"1.28.4, 1.27.8, 1.26.11, 1.25.16",false,affected,
 rancher/hardened-dns-node-cache:1.23.1-build20240910,harvester/master,k8s.io/kubernetes,v1.26.10,gobinary,CVE-2024-0793,HIGH,https://avd.aquasec.com/nvd/cve-2024-0793,node-cache,1.27.0-alpha.1,false,affected,
 rancher/hardened-dns-node-cache:1.23.1-build20240910,harvester/master,k8s.io/kubernetes,v1.26.10,gobinary,CVE-2024-10220,HIGH,https://avd.aquasec.com/nvd/cve-2024-10220,node-cache,"1.28.12, 1.29.7, 1.30.3",false,affected,
+rancher/hardened-dns-node-cache:1.23.1-build20240910,harvester/master,k8s.io/kubernetes,v1.26.10,gobinary,CVE-2024-5321,HIGH,https://avd.aquasec.com/nvd/cve-2024-5321,node-cache,"1.27.16, 1.28.12, 1.29.7, 1.30.3",false,affected,
 rancher/hardened-flannel:v0.25.6-build20240910,harvester/master,libopenssl-3-fips-provider,3.1.4-150600.5.15.1,suse linux enterprise server,SUSE-SU-2024:3501-1,HIGH,,rancher/hardened-flannel:v0.25.6-build20240910 (suse linux enterprise server 15.6),3.1.4-150600.5.18.1,false,affected,
 rancher/hardened-flannel:v0.25.6-build20240910,harvester/master,libopenssl3,3.1.4-150600.5.15.1,suse linux enterprise server,SUSE-SU-2024:3501-1,HIGH,,rancher/hardened-flannel:v0.25.6-build20240910 (suse linux enterprise server 15.6),3.1.4-150600.5.18.1,false,affected,
 rancher/hardened-flannel:v0.25.6-build20240910,harvester/master,openssl-3,3.1.4-150600.5.15.1,suse linux enterprise server,SUSE-SU-2024:3501-1,HIGH,,rancher/hardened-flannel:v0.25.6-build20240910 (suse linux enterprise server 15.6),3.1.4-150600.5.18.1,false,affected,
@@ -620,6 +615,7 @@ rancher/nginx-ingress-controller:v1.10.4-hardened3,harvester/master,libpython3_6
 rancher/nginx-ingress-controller:v1.10.4-hardened3,harvester/master,openssl-3,3.1.4-150600.5.15.1,suse linux enterprise server,SUSE-SU-2024:3501-1,HIGH,,rancher/nginx-ingress-controller:v1.10.4-hardened3 (suse linux enterprise server 15.6),3.1.4-150600.5.18.1,false,affected,
 rancher/nginx-ingress-controller:v1.10.4-hardened3,harvester/master,python3-base,3.6.15-150300.10.65.1,suse linux enterprise server,SUSE-SU-2024:3470-1,HIGH,,rancher/nginx-ingress-controller:v1.10.4-hardened3 (suse linux enterprise server 15.6),3.6.15-150300.10.72.1,false,affected,
 rancher/rancher-webhook:v0.5.2,harvester/master,k8s.io/kubernetes,v1.30.1,gobinary,CVE-2024-10220,HIGH,https://avd.aquasec.com/nvd/cve-2024-10220,usr/bin/webhook,"1.28.12, 1.29.7, 1.30.3",false,affected,
+rancher/rancher-webhook:v0.5.2,harvester/master,k8s.io/kubernetes,v1.30.1,gobinary,CVE-2024-5321,HIGH,https://avd.aquasec.com/nvd/cve-2024-5321,usr/bin/webhook,"1.27.16, 1.28.12, 1.29.7, 1.30.3",false,affected,
 rancher/rancher:v2.9.2,harvester/master,libopenssl-3-fips-provider,3.1.4-150600.5.15.1,suse linux enterprise server,SUSE-SU-2024:3501-1,HIGH,,rancher/rancher:v2.9.2 (suse linux enterprise server 15.6),3.1.4-150600.5.18.1,false,affected,
 rancher/rancher:v2.9.2,harvester/master,libopenssl3,3.1.4-150600.5.15.1,suse linux enterprise server,SUSE-SU-2024:3501-1,HIGH,,rancher/rancher:v2.9.2 (suse linux enterprise server 15.6),3.1.4-150600.5.18.1,false,affected,
 rancher/rancher:v2.9.2,harvester/master,openssl-3,3.1.4-150600.5.15.1,suse linux enterprise server,SUSE-SU-2024:3501-1,HIGH,,rancher/rancher:v2.9.2 (suse linux enterprise server 15.6),3.1.4-150600.5.18.1,false,affected,
@@ -655,6 +651,7 @@ rancher/rancher:v2.9.2,harvester/master,github.com/rancher/rancher,v2.9.2,gobina
 rancher/rancher:v2.9.2,harvester/master,github.com/rancher/rancher,v2.9.2,gobinary,CVE-2022-45157,HIGH,https://avd.aquasec.com/nvd/cve-2022-45157,usr/bin/rancher,"2.9.3, 2.8.9",false,affected,
 rancher/rancher:v2.9.2,harvester/master,github.com/rancher/steve,v0.0.0-20240911190153-79304d93b49b,gobinary,CVE-2024-52280,HIGH,https://avd.aquasec.com/nvd/cve-2024-52280,usr/bin/rancher,0.0.0-20241029132712-2175e090fe4b,false,affected,
 rancher/rancher:v2.9.2,harvester/master,k8s.io/kubernetes,v1.30.1,gobinary,CVE-2024-10220,HIGH,https://avd.aquasec.com/nvd/cve-2024-10220,usr/bin/rancher,"1.28.12, 1.29.7, 1.30.3",false,affected,
+rancher/rancher:v2.9.2,harvester/master,k8s.io/kubernetes,v1.30.1,gobinary,CVE-2024-5321,HIGH,https://avd.aquasec.com/nvd/cve-2024-5321,usr/bin/rancher,"1.27.16, 1.28.12, 1.29.7, 1.30.3",false,affected,
 rancher/rancher:v2.9.2,harvester/master,stdlib,v1.22.5,gobinary,CVE-2024-34156,HIGH,https://avd.aquasec.com/nvd/cve-2024-34156,usr/bin/rancher-machine,"1.22.7, 1.23.1",false,affected,
 rancher/rancher:v2.9.2,harvester/master,stdlib,v1.22.4,gobinary,CVE-2024-34156,HIGH,https://avd.aquasec.com/nvd/cve-2024-34156,usr/bin/runc,"1.22.7, 1.23.1",false,affected,
 rancher/rancher:v2.9.2,harvester/master,github.com/rancher/norman,v0.0.0-20210709145327-afd06f533ca3,gobinary,CVE-2023-32193,HIGH,https://avd.aquasec.com/nvd/cve-2023-32193,usr/bin/telemetry,0.0.0-20240207153100-3bb70b772b52,false,affected,
@@ -726,7 +723,6 @@ rancher/shell:v0.2.1,harvester/master,stdlib,v1.22.0,gobinary,CVE-2024-34156,HIG
 rancher/shell:v0.2.1,harvester/master,stdlib,v1.21.11,gobinary,CVE-2024-34156,HIGH,https://avd.aquasec.com/nvd/cve-2024-34156,usr/local/bin/kubectl,"1.22.7, 1.23.1",false,affected,
 rancher/shell:v0.2.1,harvester/master,stdlib,v1.21.10,gobinary,CVE-2024-24790,CRITICAL,https://avd.aquasec.com/nvd/cve-2024-24790,usr/local/bin/kustomize,"1.21.11, 1.22.4",false,affected,
 rancher/shell:v0.2.1,harvester/master,stdlib,v1.21.10,gobinary,CVE-2024-34156,HIGH,https://avd.aquasec.com/nvd/cve-2024-34156,usr/local/bin/kustomize,"1.22.7, 1.23.1",false,affected,
-rancher/support-bundle-kit:master-head,harvester/master,stdlib,v1.22.5,gobinary,CVE-2024-34156,HIGH,https://avd.aquasec.com/nvd/cve-2024-34156,usr/bin/yq,"1.22.7, 1.23.1",false,affected,
 rancher/system-agent-installer-rancher:v2.9.2,harvester/master,stdlib,v1.22.4,gobinary,CVE-2024-34156,HIGH,https://avd.aquasec.com/nvd/cve-2024-34156,helm,"1.22.7, 1.23.1",false,affected,
 rancher/system-agent:v0.3.9-suc,harvester/master,libopenssl-3-fips-provider,3.1.4-150600.5.15.1,suse linux enterprise server,SUSE-SU-2024:3501-1,HIGH,,rancher/system-agent:v0.3.9-suc (suse linux enterprise server 15.6),3.1.4-150600.5.18.1,false,affected,
 rancher/system-agent:v0.3.9-suc,harvester/master,libopenssl3,3.1.4-150600.5.15.1,suse linux enterprise server,SUSE-SU-2024:3501-1,HIGH,,rancher/system-agent:v0.3.9-suc (suse linux enterprise server 15.6),3.1.4-150600.5.18.1,false,affected,

diff --git a/docs/csv/report-harvester-master-stats.csv b/docs/csv/report-harvester-master-stats.csv
@@ -1,5 +1,5 @@
 image,critical,high,total
-ghcr.io/k8snetworkplumbingwg/whereabouts:v0.6.3,2,4,6
+ghcr.io/k8snetworkplumbingwg/whereabouts:v0.6.3,0,0,0
 ghcr.io/kube-vip/kube-vip-iptables:v0.8.1,0,1,1
 longhornio/backing-image-manager:v1.7.2,0,3,3
 longhornio/csi-attacher:v4.7.0,0,1,1
@@ -23,7 +23,7 @@ rancher/hardened-calico:v3.28.1-build20240911,0,3,3
 rancher/hardened-cluster-autoscaler:v1.8.11-build20240910,0,0,0
 rancher/hardened-cni-plugins:v1.5.1-build20240910,0,0,0
 rancher/hardened-coredns:v1.11.1-build20240910,0,3,3
-rancher/hardened-dns-node-cache:1.23.1-build20240910,0,4,4
+rancher/hardened-dns-node-cache:1.23.1-build20240910,0,5,5
 rancher/hardened-etcd:v3.5.13-k3s1-build20240910,0,0,0
 rancher/hardened-flannel:v0.25.6-build20240910,0,3,3
 rancher/hardened-k8s-metrics-server:v0.7.1-build20240910,0,0,0
@@ -74,14 +74,14 @@ rancher/mirrored-prometheus-prometheus:v2.45.0,4,15,19
 rancher/mirrored-sig-storage-snapshot-controller:v6.2.1,3,24,27
 rancher/mirrored-sig-storage-snapshot-validation-webhook:v6.2.2,3,23,26
 rancher/nginx-ingress-controller:v1.10.4-hardened3,0,8,8
-rancher/rancher-webhook:v0.5.2,0,1,1
-rancher/rancher:v2.9.2,11,32,43
+rancher/rancher-webhook:v0.5.2,0,2,2
+rancher/rancher:v2.9.2,11,33,44
 rancher/rke2-cloud-provider:v1.29.8-build20240910,0,0,0
 rancher/rke2-runtime:v1.29.9-rke2r1,1,2,3
 rancher/shell:v0.1.24,6,21,27
 rancher/shell:v0.1.26,4,13,17
 rancher/shell:v0.2.1,4,12,16
-rancher/support-bundle-kit:master-head,0,1,1
+rancher/support-bundle-kit:master-head,0,0,0
 rancher/system-agent-installer-rancher:v2.9.2,0,1,1
 rancher/system-agent-installer-rke2:v1.29.9-rke2r1,0,0,0
 rancher/system-agent:v0.3.9-suc,0,5,5