diff --git a/render/render.go b/render/render.go
index d86c3b0..c17193c 100644
--- a/render/render.go
+++ b/render/render.go
@@ -1,9 +1,12 @@
 package render
 import (
- _ "embed"
+ "embed"
 "encoding/json"
+ "io/fs"
 "os"
+ "path/filepath"
+ "slices"
 "text/template"
 k8s "github.com/aquasecurity/trivy/pkg/k8s/report"
@@ -11,8 +14,10 @@ import (
 "golang.org/x/xerrors"
 )
-//go:embed template/html.tpl
-var htmlTmpl []byte
+//go:embed templates/*
+var templates embed.FS
+
+var extensions = []string{".tpl", ".js", ".css"}
 func Render(fileName string, inputData []byte) error {
 var kubernetes k8s.Report
@@ -31,7 +36,23 @@ func Render(fileName string, inputData []byte) error {
 results = append(results, resource.Results...)
 }
- tmpl, err := template.New("temp").Parse(string(htmlTmpl))
+ templateFS, err := fs.Sub(templates, "templates")
+ if err != nil {
+ return xerrors.Errorf("error loading templates: %w", err)
+ }
+
+ files, err := collectFiles(templateFS)
+ if err != nil {
+ return xerrors.Errorf("error collecting files: %w", err)
+ }
+
+ tmpl, err := template.New("temp").Funcs(template.FuncMap{
+ "toJSON": func(v interface{}) (string, error) {
+ bytes, err := json.Marshal(v)
+ return string(bytes), err
+ },
+ }).ParseFS(templateFS, files...)
+
 if err != nil {
 return xerrors.Errorf("error parsing template: %v\n", err)
 }
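Review bot: Nothing that passes through the new `ParseFS`/`toJSON` pipeline is HTML-escaped, because the package still imports `text/template` (context line in the first hunk). Scanner-derived strings printed by templates/html.tpl, such as `{{ .Message }}` and `{{.Content}}`, therefore reach the report verbatim, and `toJSON` is safe inside a script element only because `json.Marshal` escapes `<`, `>` and `&` by default; where `toJSON` is called is not visible on this page. I would either move to `html/template`, which has the same `Funcs`, `ParseFS` and `ExecuteTemplate` methods (the helper's call site would then need revisiting), or record the dependency above the helper: `// toJSON relies on json.Marshal's default HTML escaping; text/template adds none.` The body of `Render` starts and ends outside this hunk.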
@@ -42,9 +63,34 @@ func Render(fileName string, inputData []byte) error {
 }
 defer output.Close()
- if err = tmpl.Execute(output, results); err != nil {
+ if err = tmpl.ExecuteTemplate(output, "html.tpl", results); err != nil {
 return xerrors.Errorf("error executing template: %v\n", err)
 }
 return nil
 }
+
+func collectFiles(templateFS fs.FS) ([]string, error) {
+ var files []string
+ err := fs.WalkDir(templateFS, ".", func(path string, d fs.DirEntry, err error) error {
+ if err != nil {
+ return xerrors.Errorf("error listing files in %s: %w", path, err)
+ }
+
+ if d.IsDir() {
+ return nil
+ }
+
+ if slices.Contains(extensions, filepath.Ext(path)) {
+ files = append(files, path)
+ }
+
+ return nil
+ })
+
+ if err != nil {
+ return nil, xerrors.Errorf("error listing files: %w", err)
+ }
+
+ return files, nil
+}
diff --git a/render/render_test.go b/render/render_test.go
index a04308d..30c74f0 100644
--- a/render/render_test.go
+++ b/render/render_test.go
@@ -22,6 +22,11 @@ func TestRender(t *testing.T) {
 jsonPath: "testdata/input/happy.json",
 goldenPath: "testdata/golden/happy.html",
 },
+ {
+ name: "graph",
+ jsonPath: "testdata/input/graph.json",
+ goldenPath: "testdata/golden/graph.html",
+ },
 {
 name: "happy k8s",
 jsonPath: "testdata/input/happy-k8s.json",
diff --git a/render/template/html.tpl b/render/template/html.tpl
deleted file mode 100644
index 36f3b36..0000000
--- a/render/template/html.tpl
+++ /dev/null
@@ -1,739 +0,0 @@
- - - - - - Trivy Report - - - - - - - - -
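Review bot: `collectFiles` returns every matching path under the embedded tree, but `ParseFS` registers each file under its base name, so two files with the same name in different directories would silently replace one another and `ExecuteTemplate(output, "html.tpl", results)` would render whichever was parsed last. Rejecting a duplicate base name during the walk turns that into an explicit error; the sketch below shows the added check inside the existing extension test. A one-line doc comment such as `// collectFiles lists the embedded files whose extension is in extensions.` would also help the next reader.

```go
	seen := make(map[string]string) // template name -> first path using it
	err := fs.WalkDir(templateFS, ".", func(path string, d fs.DirEntry, err error) error {
		// … unchanged: walk-error and directory checks …
		if slices.Contains(extensions, filepath.Ext(path)) {
			name := filepath.Base(path)
			if prev, ok := seen[name]; ok {
				return xerrors.Errorf("template name %q used by both %s and %s", name, prev, path)
			}
			seen[name] = path
			files = append(files, path)
		}
		// … unchanged: return nil, end of the callback, error wrapping …
```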
-{{- if . }} -

Trivy Report - {{ ( index . 0 ).Target }} -

-
- -
- - -{{- range . }} -{{- if or .Vulnerabilities .Misconfigurations .Secrets}} -
-

{{ .Target}}

-
- -{{- if .Vulnerabilities }} - - - - - - - - - - - - - {{- range .Vulnerabilities }} - - - - - - - - - {{- end}} - -
Package - - - - Vulnerability ID - - - - Severity - - - - Installed Version - - - - Fixed Version - - - - Links - - - -
{{ .PkgName }}{{ .VulnerabilityID }}{{ .Vulnerability.Severity }}{{ .InstalledVersion }}{{ .FixedVersion }}
-{{- end }} - - {{- if .Misconfigurations }} - - - - - - - - - - - - - - {{- range .Misconfigurations }} - - - - - - - - {{- end}} - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
{{ .Type}}{{ .ID }}{{ .Title }}{{ .Severity }}{{ .Message }} -
- {{ .PrimaryURL }} -
-
-{{- end }} - -{{- if .Secrets }} -
-

- {{ .Target }} - ({{ .Class }}) -

- -
- {{- $target := .Target }} - {{- range .Secrets }} -
-
- {{ .Severity }} - {{.Category}} ({{ .RuleID }}) -
-
{{ .Title }}
-
- {{ $target}} - : - - {{ if eq .StartLine .EndLine }} - {{ .StartLine }} - {{ else }} - {{ .StartLine }} - {{ .EndLine }} - {{ end }} -
-
- {{- range .Code.Lines }} - {{- if .IsCause}} -
-
{{ .Number}}
-
-
 {{.Content}}
-
-
- {{- else}} -
-
{{ .Number}}
-
-
 {{.Content}} 
-
-
- {{- end }} - {{- end}} -
-
-
- {{- end}} -
- {{- end}} - -{{- if .Packages }} -
-

Packages

-
- - - - - - - - - - - - - - {{- range .Packages }} - - - - - - - - {{- end}} - -
ID - - - - Name - - - - Version - - - - SrcName - - - - SrcVersion - - - -
{{ .ID }}{{ .Name }}{{ .Version }}{{ .SrcName }}{{ .SrcVersion }}
-{{- end }} - -{{- end }} -{{- end }} -{{- else }} -

Trivy Returned Empty Report

-{{- end }} -

- - \ No newline at end of file diff --git a/render/templates/html.tpl b/render/templates/html.tpl new file mode 100644 index 0000000..0a29b84 --- /dev/null +++ b/render/templates/html.tpl @@ -0,0 +1,327 @@ + + + + + + Trivy Report + + + + +{{- if . }} +

Trivy Report - {{ ( index . 0 ).Target }} +

+
+ +
+ +
+
+ + +
+ + + +
+
+
+
+
+
+ +
+ +{{- range $resultIndex, $result := . }} +{{- if or .Vulnerabilities .Misconfigurations .Secrets}} + +
+

{{ .Target}}

+
+{{- if .Vulnerabilities }} + + + + + + + + + + + + + {{- range .Vulnerabilities }} + + + + + + + + + {{- end}} + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
{{ .PkgName }}{{ .VulnerabilityID }}{{ .Vulnerability.Severity }}{{ .InstalledVersion }}{{ .FixedVersion }}
+{{- end }} + + +{{- if .Misconfigurations }} +
+ + + + + + + + + + + + + + + {{- range $index, $misc:= .Misconfigurations }} + + + + + + + + {{- end}} + +
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
{{ .Type}} {{ .ID }}{{ .Title }}{{ .Severity }}{{ .Message }} +
+ {{ .PrimaryURL }} +
+
+ +
+
+ +
+ + +
+
+
+ +
+
+{{- end }} + + +{{- if .Secrets }} +
+

+ {{ .Target }} + ({{ .Class }}) +

+ +
+ {{- $target := .Target }} + {{- range .Secrets }} +
+
+ {{ .Severity }} + {{.Category}} ({{ .RuleID }}) +
+
{{ .Title }}
+
+ {{ $target}} + : + + {{ if eq .StartLine .EndLine }} + {{ .StartLine }} + {{ else }} + {{ .StartLine }} - {{ .EndLine }} + {{ end }} +
+
+ {{- range .Code.Lines }} + {{- if .IsCause}} +
+
{{ .Number}}
+
+
 {{.Content}}
+
+
+ {{- else}} +
+
{{ .Number}}
+
+
 {{.Content}} 
+
+
+ {{- end }} + {{- end}} +
+
+
+ {{- end}} +
+{{- end}} + +{{- if .Packages }} +
+

Packages

+
+ + + + + + + + + + + + + + {{- range .Packages }} + + + + + + + + {{- end}} + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
{{ .ID }}{{ .Name }}{{ .Version }}{{ .SrcName }}{{ .SrcVersion }}
+{{- end }} + +{{- end }} + +{{- end }} +{{- else }} +

Trivy Returned Empty Report

+{{- end }} + + + + + + + + \ No newline at end of file diff --git a/render/templates/src/components/graph.js b/render/templates/src/components/graph.js new file mode 100644 index 0000000..bedca22 --- /dev/null +++ b/render/templates/src/components/graph.js 
@@ -0,0 +1,353 @@ +const codeNode = 1 << 1; +const occurrenceNode = 1 << 2; +let inWindow = false; +let currentTable; +let cy = cytoscape({ + container: document.querySelector('.graph'), + elements: [], + style: [ + { + selector: 'node', + style: { + label: 'data(label)', + 'background-color': '#666', + color: '#000', + 'text-valign': 'center', + 'text-halign': 'center', + width: '80px', + height: '80px', + }, + }, + { + selector: `node[type=${codeNode}]`, + style: { + 'background-color': '#c8c8c8', + 'font-size': '14px', + 'text-valign': 'center', + 'text-halign': 'center', + }, + }, + { + selector: `node[type=${occurrenceNode}]`, + style: {'background-color': '#1E90FF'}, + }, + { + selector: 'edge', + style: { + label: 'data(label)', + width: 3, + 'line-color': '#ccc', + 'curve-style': 'bezier', + 'target-arrow-color': 'black', + 'target-arrow-shape': 'triangle', + }, + }, + ], + layout: { + name: 'cose', + }, +}); + +async function init() { + function createSublist(tableIndex, misconfigurations) { + const table = document.querySelector(`.misc-table[data-index = "${tableIndex}"]`); + const content = document.querySelector(`.content[data-index = "${tableIndex}"]`) + const allContent = document.querySelectorAll('.content'); + const allTables = document.querySelectorAll('table'); + const info = document.getElementById('info'); + + misconfigurations.forEach((misconfig, idx) => { + const listItem = document.querySelector(`[data-index="${tableIndex} ${idx}"]`); + listItem.addEventListener('click', function (e) { + e.stopPropagation(); + currentTable = table; + if (!inWindow) { + changeContainer(tableIndex) + allTables.forEach((table) => { + table.style.width = "100%"; + + }); + + allContent.forEach((item) => { + item.style.display = "none"; + }); + info.style.position = 'absolute'; + + table.style.width = '70%'; + content.style.display = 'flex'; + + removePlaceholderRows(); + addPlaceholderRows(); + + } else { + info.style.position = 'fixed'; + } + + info.style.display 
= "none"; + renderGraph(misconfig); + }); + + }); + + } + + results.forEach((result, index) => { + if (result.Misconfigurations === undefined) { + return; + } + + createSublist(index, result.Misconfigurations); + + }); +} + +window.onload = init; + +function addPlaceholderRows() { + const rowCount = currentTable.querySelectorAll("tr").length; + const targetRows = 10; + const placeholderCount = targetRows - rowCount; + + for (let i = 0; i < placeholderCount; i++) { + const placeholderRow = document.createElement("tr"); + placeholderRow.classList.add("placeholder-row"); + placeholderRow.innerHTML = ""; + currentTable.querySelector("tbody").appendChild(placeholderRow); + } +} + +function removePlaceholderRows() { + const placeholders = document.querySelectorAll(".placeholder-row"); + placeholders.forEach(row => row.remove()); +} + +function changeContainer(index) { + const newContainer = document.querySelector(`.graph[data-index="${index}"]`); + + const elements = cy.json().elements.nodes ? cy.json().elements : []; + + const style = cy.style().json(); + + cy.destroy(); + + cy = cytoscape({ + container: newContainer, + elements: elements, + style: style, + layout: {name: 'cose'} + }); + + addInfoEventsListening(index); +} + +function addInfoEventsListening(index) { + cy.on('tap', 'node', function (evt) { + const node = evt.target; + const infoBox = document.getElementById("info"); + const graphRect = document.querySelector(`.graph[data-index="${index}"]`).getBoundingClientRect(); + + let content = ''; + if (node.data('type') === codeNode) { + content = `Code Snippet:
${node.data('content')}
`; + } else if (node.data('type') === occurrenceNode) { + content = `File: ${node.data('file')}
Location: Lines ${node.data('start')} - ${node.data('end')}`; + } + + let top = graphRect.top + evt.renderedPosition.y; + let left = window.scrollX + graphRect.left + evt.renderedPosition.x; + + if (!inWindow) { + top += window.scrollY; + } + + infoBox.innerHTML = content; + infoBox.style.left = left + 'px'; + infoBox.style.top = top + 'px'; + infoBox.style.display = 'block'; + }); + + cy.on('tap', function (event) { + if (event.target === cy) { + document.getElementById("info").style.display = 'none'; + } + }); +} + +function renderGraph(misconf) { + const nodes = []; + const edges = []; + + if (misconf.CauseMetadata === undefined) { + return; + } + + const findingID = `finding`; + if (misconf.CauseMetadata.Code?.Lines !== null) { + const code = misconf.CauseMetadata.Code?.Lines.reduce((prev, curr, idx) => { + if (idx === 0) { + return curr.Content; + } + return prev + '\n' + curr.Content; + }, ''); + + const highlightedCode = hljs.highlight(code, {language: 'hcl'}).value; + + nodes.push({ + data: { + id: findingID, + label: misconf.CauseMetadata.Resource, + type: codeNode, + content: highlightedCode, + }, + }); + } + + if (misconf.CauseMetadata.Occurrences !== undefined) { + misconf.CauseMetadata.Occurrences.forEach((occurrence, idx) => { + const occurenceID = `${idx}-occurrence`; + nodes.push({ + data: { + id: occurenceID, + label: occurrence.Resource, + type: occurrenceNode, + file: occurrence.Filename, + start: occurrence.Location.StartLine, + end: occurrence.Location.EndLine, + }, + }); + + const edgeID = `${idx}-edge`; + + // the first occurrence is the cause, which is stored in the cause metadata + if (idx === 0) { + edges.push({ + data: { + id: edgeID, + source: occurenceID, + target: findingID, + label: 'Caused by', + }, + }); + } else { + const targetID = `${idx - 1}-occurrence`; + + edges.push({ + data: { + id: edgeID, + source: occurenceID, + target: targetID, + label: 'Caused by', + }, + }); + } + }); + } + cy.elements().remove(); + cy.add(nodes); + 
cy.add(edges); + + cy.layout({name: 'cose'}).run(); + +} + + +const allTables = document.querySelectorAll('table'); +const closeContent = document.querySelectorAll('.close-button'); +const content = document.querySelectorAll('.content'); +const info = document.getElementById('info'); +const movableWindow = document.getElementById('movable-window'); +const hideButton = document.querySelector('.hide-window'); +const openWindow = document.querySelectorAll('.open-window-button'); + +closeContent.forEach((button) => { + button.addEventListener('click', () => { + info.style.display = 'none'; + allTables.forEach((table) => { + table.style.width = "100%"; + + }); + removePlaceholderRows(); + content.forEach((item) => { + item.style.display = "none"; + }); + }); + +}); + +function closeMovableWindow() { + movableWindow.style.display = 'none'; + info.style.display = 'none'; + inWindow = false; +} + +document.querySelector('.close-window').addEventListener('click', () => { + closeMovableWindow(); +}); + +hideButton.addEventListener("click", () => { + movableWindow.classList.toggle('hidden'); + info.style.display = 'none'; +}); + +openWindow.forEach((button) => { + button.addEventListener("click", () => { + if (inWindow) { + inWindow = false; + let index = currentTable.getAttribute('data-index'); + let content = document.querySelector(`.content[data-index = "${index}"]`) + closeMovableWindow(); + changeContainer(index); + currentTable.style.width = '70%'; + info.style.display = 'none'; + info.style.position = 'absolute'; + content.style.display = 'flex'; + } else { + inWindow = true; + changeContainer("window"); + removePlaceholderRows(); + + allTables.forEach((table) => { + table.style.width = '100%'; + }); + + document.querySelectorAll('.content').forEach((item) => { + item.style.display = "none"; + }); + + info.style.position = 'fixed'; + info.style.display = 'none'; + + movableWindow.style.display = 'block'; + } + + }); +}); + + +const header = 
document.getElementById('movable-header'); + +let isDragging = false; +let offsetX = 0; +let offsetY = 0; + +header.addEventListener('mousedown', (e) => { + isDragging = true; + offsetX = e.clientX - movableWindow.offsetLeft; + offsetY = e.clientY - movableWindow.offsetTop; + document.body.style.userSelect = 'none'; +}); + +document.addEventListener('mousemove', (e) => { + if (isDragging) { + let newLeft = e.clientX - offsetX; + let newTop = e.clientY - offsetY; + + newLeft = Math.max(0, Math.min(window.innerWidth - movableWindow.offsetWidth, newLeft)); + newTop = Math.max(0, Math.min(window.innerHeight - movableWindow.offsetHeight, newTop)); + + movableWindow.style.left = newLeft + 'px'; + movableWindow.style.top = newTop + 'px'; + + cy.resize() + } +}); \ No newline at end of file diff --git a/render/templates/src/components/interactivity.js b/render/templates/src/components/interactivity.js new file mode 100644 index 0000000..e6aa04c --- /dev/null +++ b/render/templates/src/components/interactivity.js 
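Review bot: In `addInfoEventsListening`, the tap handler assigns `infoBox.innerHTML = content`, and for occurrence nodes `content` interpolates `node.data('file')`, `node.data('start')` and `node.data('end')` straight from the report JSON, so a file name containing markup would be parsed as HTML when the report is opened. The code-snippet branch is less exposed because its text has gone through `hljs.highlight`, whose vendored source appears to escape its input. I would escape the occurrence values before interpolation, as sketched below, or build the box with `textContent`. The markup inside the template literals is not fully visible on this page, so the sketch leaves it out.

```javascript
// Escapes a report value for use inside an HTML string.
function escapeHTML(value) {
    const holder = document.createElement('span');
    holder.textContent = String(value);
    return holder.innerHTML;
}

// … unchanged: tap handler up to the occurrence branch …
    } else if (node.data('type') === occurrenceNode) {
        const file = escapeHTML(node.data('file'));
        const start = escapeHTML(node.data('start'));
        const end = escapeHTML(node.data('end'));
        // … unchanged: template literal, now interpolating file, start and end …
    }
```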
@@ -0,0 +1,139 @@
+document.addEventListener('mouseup', () => {
+ isDragging = false;
+ document.body.style.userSelect = '';
+});
+
+function insertAfter(referenceNode, newNode) {
+ referenceNode.parentNode.insertBefore(newNode, referenceNode.nextSibling);
+}
+
+const severityOrder = {
+ UNKNOWN: {order: 5},
+ LOW: {order: 4},
+ MEDIUM: {order: 3},
+ HIGH: {order: 2},
+ CRITICAL: {order: 1},
+};
+
+function attachLinksInteractivity() {
+ document.querySelectorAll("td.links").forEach(function (linkCell) {
+ const links = [].concat.apply([], linkCell.querySelectorAll("a"));
+ [].sort.apply(links, function (a, b) {
+ return a.href > b.href ? 1 : -1;
+ });
+ links.forEach(function (link, idx) {
+ if (links.length > 0 && 0 === idx) {
+ const toggleLink = document.createElement("a");
+ toggleLink.innerText = "Toggle more links";
+ toggleLink.href = "#toggleMore";
+ toggleLink.setAttribute("class", "toggle-more-links");
+ linkCell.appendChild(toggleLink);
+ }
+ linkCell.appendChild(link);
+ });
+ });
+
+ document
+ .querySelectorAll("a.toggle-more-links")
+ .forEach(function (toggleLink) {
+ toggleLink.onclick = function () {
+ const expanded =
+ toggleLink.parentElement.getAttribute("data-more-links");
+ toggleLink.parentElement.setAttribute(
+ "data-more-links",
+ "on" === expanded ? "off" : "on"
+ );
+ return false;
+ };
+ });
+}
+
+function attachFilterInteractivity() {
+ const filterBar = document.querySelector(".filter_bar");
+ const nameFilter = filterBar.querySelector(".filter_bar__filter_name");
+ const filterable = document.querySelectorAll(".filterable");
+ const cellClasses = [
+ ".pkg-name",
+ ".vuln",
+ ".misc-type",
+ ".misc-id",
+ ".severity",
+ ".pkg-version",
+ ".pkg-key-name",
+ ".pkg-key-version",
+ ".pkg-key-src-name",
+ ".pkg-key-src-version",
+ ];
+
+ function applyFilters(filterValue) {
+ filterable.forEach((f) => {
+ const cellValues = cellClasses
+ .map((cl) => f.querySelector(cl))
+ .filter((cell) => cell !== null)
+ .map((cell) => cell.textContent || cell.innerText);
+
+ const condition = cellValues.some((cellValue) =>
+ cellValue.toUpperCase().includes(filterValue.toUpperCase())
+ );
+
+ f.style.display = condition ? "" : "none";
+ });
+ }
+
+ nameFilter.addEventListener("keyup", (e) => {
+ applyFilters(e.target.value);
+ });
+}
+
+function attachSortInteractivity() {
+ let colIx = -1;
+ const tables = document.querySelectorAll("table");
+ const sortTable = (tableIx, cellIndex, type, isSorded) => {
+ const table = tables[tableIx];
+ const tbody = table.querySelector('tbody[data-main="true"]');
+ const thead = table.querySelector("thead");
+ const inv = (val) => (isSorded ? -val : val);
+ const compare = (a, b) => {
+ if (!a.cells[cellIndex] || !b.cells[cellIndex]) return 0;
+ const rowA = a.cells[cellIndex].innerHTML;
+ const rowB = b.cells[cellIndex].innerHTML;
+ if (type === "string") {
+ if (rowA < rowB) return inv(-1);
+ if (rowA > rowB) return inv(1);
+ return 0;
+ }
+ if (type === "severity") {
+ const orderA = severityOrder[rowA].order;
+ const orderB = severityOrder[rowB].order;
+ if (orderA < orderB) return inv(-1);
+ if (orderA > orderB) return inv(1);
+ return 0;
+ }
+ };
+ let rows = Array(...tbody.rows);
+ rows.sort(compare);
+ table.removeChild(tbody);
+ rows.forEach((row) => {
+ tbody.appendChild(row);
+ });
+ insertAfter(thead, tbody);
+ };
+ tables.forEach((table, tableIx) => {
+ table.addEventListener("click", (e) => {
+ e.stopPropagation();
+ const el = e.target;
+ const type = el.getAttribute("data-type");
+ const sortable = el.getAttribute("data-sortable") === "true";
+ if (el.nodeName !== "TH" || !sortable) return;
+ const cellIndex = el.cellIndex;
+ sortTable(tableIx, cellIndex, type, colIx === cellIndex);
+ colIx = colIx === cellIndex ? -1 : cellIndex;
+ });
+ });
+}
+
+document.addEventListener("DOMContentLoaded", () => {
+ attachLinksInteractivity();
+ attachSortInteractivity();
+ attachFilterInteractivity();
+});
\ No newline at end of file
diff --git a/render/templates/src/components/style.css b/render/templates/src/components/style.css
new file mode 100644
index 0000000..1f4e16a
--- /dev/null
+++ b/render/templates/src/components/style.css
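Review bot: In `attachLinksInteractivity`, `[].sort.apply(links, function (a, b) {…})` hands the comparator to `apply` as its argument list rather than as an argument, so the comparator is never called and `sort` falls back to its default string ordering. `links.sort(function (a, b) { return a.href > b.href ? 1 : -1; });` is what the code appears to intend. Separately, the `mouseup` handler at the top of this file writes `isDragging`, which is declared in graph.js, so the two files presumably only work when loaded into the same script scope; a comment such as `// isDragging is declared in graph.js` would make that dependency visible.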
@@ -0,0 +1,351 @@ +* { + font-family: Arial, Helvetica, sans-serif; +} + +body { + height: 100vh; + width: 99vw; +} + +h1, h2 { + text-align: center; +} + +.top-vuln-title, .top-misc-title { + border-bottom: 1px solid #0000001f; +} + +.initially-disabled { + display: none; +} + +.link { + text-overflow: ellipsis; + overflow: hidden; + width: 100%; + height: 1.2em; + white-space: nowrap; +} + +.vuln { + word-wrap: anywhere; +} + +.group-header th { + font-size: 200%; +} + +table, +th, +td { + width: 100%; + border-top: 1px solid #0000001f; + border-collapse: collapse; + padding: .3em; + white-space: normal; +} + +table { + margin-left: 0; + table-layout: fixed; + border: 2px solid #ddd; +} + +.placeholder-row td { + height: 30px; + border: none; + background-color: transparent; + padding: 0; +} + +.last-data-row td { + border-bottom: none; +} + +.severity { + font-weight: bold; +} + + +table tr td:first-of-type { + font-weight: bold; +} + +.links a, +.links[data-more-links=on] a { + display: block; +} + +.links[data-more-links=off] a:nth-of-type(1n+2) { + display: none; +} + +a.toggle-more-links { + cursor: pointer; +} + +th[data-sortable="true"] { + cursor: pointer; +} + +.sub-header th { + font-size: 150%; + text-align: center; + background-color: #ddd; +} + +th svg { + visibility: hidden; + pointer-events: none; +} + +th span { + pointer-events: none; +} + +.sub-header th[data-sortable="true"] svg { + visibility: visible; +} + +ul { + list-style-type: none; +} + +.search { + background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='16' height='16' fill='%23bdbdbd' viewBox='0 0 16 16'%3E%3Cpath d='M11.742 10.344a6.5 6.5 0 1 0-1.397 1.398h-.001c.03.04.062.078.098.115l3.85 3.85a1 1 0 0 0 1.415-1.414l-3.85-3.85a1.007 1.007 0 0 0-.115-.1zM12 6.5a5.5 5.5 0 1 1-11 0 5.5 5.5 0 0 1 11 0z'%3E%3C/path%3E%3C/svg%3E"); + background-position: 10px 10px; + background-repeat: no-repeat; + width: 100%; + font-size: 16px; + padding: 12px 20px 12px 
40px; + border: 1px solid #ddd; +} + +.search:focus { + outline: none; + border-color: #07f; + box-shadow: 0 0 0 2px rgba(0, 119, 255, 0.2); +} + +.filter_bar { + display: flex; + align-items: center; +} + +.filterable:hover { + background-color: #f1f1f1; +} + +.pkg-name { + width: 100%; + height: 1.2em; +} + +.ta-center { + text-align: center; +} + +.break-word { + word-wrap: break-word; +} + +.header__title { + font-size: 24px; +} + +.secret__line { + display: flex; +} + +.secret__code { + background-color: #f1f1f1; + border: #e1e1e1; + border-radius: 5px; + padding: 10px 0 10px 15px; +} + +.secret__line pre { + margin: 0; + overflow-wrap: anywhere; + white-space: pre-line; +} + +.secret__line-cause { + color: #e40000; +} + +.secret__line-number { + border-right: 1px solid black; + margin-right: 10px; + padding-right: 10px; +} + +.secret__src-file { + color: #1f6feb +} + +.secret__src-lines { + color: #1f6feb +} + +.severity-LOW { + color: #5fbb31; +} + +.severity-MEDIUM { + color: #e9c600; +} + +.severity-HIGH { + color: #ff8800; +} + +.severity-CRITICAL { + color: #e40000; +} + +.severity-UNKNOWN { + color: #747474; +} + +.secret__severity { + font-weight: bold; +} + +.secret-results__title { + margin-bottom: 0; + font-size: 24px; +} + +.secret__head { + margin-left: 15px; +} + +.secret__title { + margin-left: 15px; +} + +.secret__src { + margin-left: 15px; +} + +.secret + .secret { + margin-top: 10px; +} + +ul { + list-style: none; +} + +.hidden { + display: none; +} + +.target-item { + margin-bottom: 10px; +} + +.target-item:hover { + background-color: #7d7d7d; +} + +.sidebar li > ul { + display: none; + /* padding-left: 20px; */ +} + +.sidebar li.active > ul { + display: block; +} + +.graph { + flex-grow: 1; + background-color: #ecf0f1; + width: 100%; + height: 100%; +} + +.content { + flex-direction: column; + flex: 1 1 auto; + display: none; + background-color: #fff; + border: 1px solid #ccc; + overflow: hidden; +} + +.movable-content { + padding: 10px; + 
height: 100%; + background-color: #fff; + border: 1px solid #ccc; +} + +.graph-buttons button, +.open-window-button +{ + background: none; + border: none; + font-size: 18px; + color: white; + cursor: pointer; + font-weight: bold; +} + +.graph-buttons{ + flex-direction: row; + display: flex; +} + +.content-header { + position: relative; + display: flex; + justify-content: space-between; + background-color: #007bff; + color: white; + padding: 10px; + user-select: none; +} + +#movable-window { + position: fixed; + top: 2%; + right: 3%; + width: 30%; + height: 50%; + background-color: #fff; + border: 1px solid #ccc; + box-shadow: 0 4px 8px rgba(0, 0, 0, 0.2); + z-index: 1000; + display: none; +} + + +#movable-window.hidden { + height: auto; + min-height: unset; + overflow: hidden; +} + +#movable-window.hidden .movable-content { + display: none; +} + +.container { + padding-bottom: 10px; + flex-direction: row; + width: 100%; + display: flex; + overflow: hidden; +} + +#info { + display: none; + z-index: 1000; + position: absolute; + background: white; + border: 1px solid black; + padding: 5px; + left: 599px; + top: 359px; +} \ No newline at end of file diff --git a/render/templates/src/highlightjs/github.min.css b/render/templates/src/highlightjs/github.min.css new file mode 100644 index 0000000..67184f5 --- /dev/null +++ b/render/templates/src/highlightjs/github.min.css 
@@ -0,0 +1,85 @@ +/*! + Theme: GitHub + Description: Light theme as seen on github.com + Author: github.com + Maintainer: @Hirse + Updated: 2021-05-15 + + Outdated base version: https://github.com/primer/github-syntax-light + Current colors taken from GitHub's CSS + */ +.hljs { + color: #24292e; + background: #fff +} + +.hljs-doctag, .hljs-keyword, .hljs-meta .hljs-keyword, .hljs-template-tag, .hljs-template-variable, .hljs-type, .hljs-variable.language_ { + color: #d73a49 +} + +.hljs-title, .hljs-title.class_, .hljs-title.class_.inherited__, .hljs-title.function_ { + color: #6f42c1 +} + +.hljs-attr, .hljs-attribute, .hljs-literal, .hljs-meta, .hljs-number, .hljs-operator, .hljs-selector-attr, .hljs-selector-class, .hljs-selector-id, .hljs-variable { + color: #005cc5 +} + +.hljs-meta .hljs-string, .hljs-regexp, .hljs-string { + color: #032f62 +} + +.hljs-built_in, .hljs-symbol { + color: #e36209 +} + +.hljs-code, .hljs-comment, .hljs-formula { + color: #6a737d +} + +.hljs-name, .hljs-quote, .hljs-selector-pseudo, .hljs-selector-tag { + color: #22863a +} + +.hljs-subst { + color: #24292e +} + +.hljs-section { + color: #005cc5; + font-weight: 700 +} + +.hljs-bullet { + color: #735c0f +} + +.hljs-emphasis { + color: #24292e; + font-style: italic +} + +.hljs-strong { + color: #24292e; + font-weight: 700 +} + +.hljs-addition { + color: #22863a; + background-color: #f0fff4 +} + +.hljs-deletion { + color: #b31d28; + background-color: #ffeef0 +} + +pre code.hljs { + display: block; + overflow-x: auto; + padding: 1em +} + +code.hljs { + padding: 3px 5px +} \ No newline at end of file diff --git a/render/templates/src/highlightjs/highlight.min.js b/render/templates/src/highlightjs/highlight.min.js new file mode 100644 index 0000000..9a95dbe --- /dev/null +++ b/render/templates/src/highlightjs/highlight.min.js 
@@ -0,0 +1,309 @@ +/*! + Highlight.js v11.10.0 (git: 366a8bd012) + (c) 2006-2024 Josh Goebel and other contributors + License: BSD-3-Clause + */ +var hljs=function(){"use strict";function e(t){ +return t instanceof Map?t.clear=t.delete=t.set=()=>{ +throw Error("map is read-only")}:t instanceof Set&&(t.add=t.clear=t.delete=()=>{ +throw Error("set is read-only") +}),Object.freeze(t),Object.getOwnPropertyNames(t).forEach((n=>{ +const i=t[n],s=typeof i;"object"!==s&&"function"!==s||Object.isFrozen(i)||e(i) +})),t}class t{constructor(e){ +void 0===e.data&&(e.data={}),this.data=e.data,this.isMatchIgnored=!1} +ignoreMatch(){this.isMatchIgnored=!0}}function n(e){ +return e.replace(/&/g,"&").replace(//g,">").replace(/"/g,""").replace(/'/g,"'") +}function i(e,...t){const n=Object.create(null);for(const t in e)n[t]=e[t] +;return t.forEach((e=>{for(const t in e)n[t]=e[t]})),n}const s=e=>!!e.scope +;class o{constructor(e,t){ +this.buffer="",this.classPrefix=t.classPrefix,e.walk(this)}addText(e){ +this.buffer+=n(e)}openNode(e){if(!s(e))return;const t=((e,{prefix:t})=>{ +if(e.startsWith("language:"))return e.replace("language:","language-") +;if(e.includes(".")){const n=e.split(".") +;return[`${t}${n.shift()}`,...n.map(((e,t)=>`${e}${"_".repeat(t+1)}`))].join(" ") +}return`${t}${e}`})(e.scope,{prefix:this.classPrefix});this.span(t)} +closeNode(e){s(e)&&(this.buffer+="")}value(){return this.buffer}span(e){ +this.buffer+=``}}const r=(e={})=>{const t={children:[]} +;return Object.assign(t,e),t};class a{constructor(){ +this.rootNode=r(),this.stack=[this.rootNode]}get top(){ +return this.stack[this.stack.length-1]}get root(){return this.rootNode}add(e){ +this.top.children.push(e)}openNode(e){const t=r({scope:e}) +;this.add(t),this.stack.push(t)}closeNode(){ +if(this.stack.length>1)return this.stack.pop()}closeAllNodes(){ +for(;this.closeNode(););}toJSON(){return JSON.stringify(this.rootNode,null,4)} +walk(e){return this.constructor._walk(e,this.rootNode)}static _walk(e,t){ 
+return"string"==typeof t?e.addText(t):t.children&&(e.openNode(t), +t.children.forEach((t=>this._walk(e,t))),e.closeNode(t)),e}static _collapse(e){ +"string"!=typeof e&&e.children&&(e.children.every((e=>"string"==typeof e))?e.children=[e.children.join("")]:e.children.forEach((e=>{ +a._collapse(e)})))}}class c extends a{constructor(e){super(),this.options=e} +addText(e){""!==e&&this.add(e)}startScope(e){this.openNode(e)}endScope(){ +this.closeNode()}__addSublanguage(e,t){const n=e.root +;t&&(n.scope="language:"+t),this.add(n)}toHTML(){ +return new o(this,this.options).value()}finalize(){ +return this.closeAllNodes(),!0}}function l(e){ +return e?"string"==typeof e?e:e.source:null}function g(e){return h("(?=",e,")")} +function u(e){return h("(?:",e,")*")}function d(e){return h("(?:",e,")?")} +function h(...e){return e.map((e=>l(e))).join("")}function f(...e){const t=(e=>{ +const t=e[e.length-1] +;return"object"==typeof t&&t.constructor===Object?(e.splice(e.length-1,1),t):{} +})(e);return"("+(t.capture?"":"?:")+e.map((e=>l(e))).join("|")+")"} +function p(e){return RegExp(e.toString()+"|").exec("").length-1} +const b=/\[(?:[^\\\]]|\\.)*\]|\(\??|\\([1-9][0-9]*)|\\./ +;function m(e,{joinWith:t}){let n=0;return e.map((e=>{n+=1;const t=n +;let i=l(e),s="";for(;i.length>0;){const e=b.exec(i);if(!e){s+=i;break} +s+=i.substring(0,e.index), +i=i.substring(e.index+e[0].length),"\\"===e[0][0]&&e[1]?s+="\\"+(Number(e[1])+t):(s+=e[0], +"("===e[0]&&n++)}return s})).map((e=>`(${e})`)).join(t)} +const E="[a-zA-Z]\\w*",x="[a-zA-Z_]\\w*",w="\\b\\d+(\\.\\d+)?",y="(-?)(\\b0[xX][a-fA-F0-9]+|(\\b\\d+(\\.\\d*)?|\\.\\d+)([eE][-+]?\\d+)?)",_="\\b(0b[01]+)",O={ +begin:"\\\\[\\s\\S]",relevance:0},v={scope:"string",begin:"'",end:"'", +illegal:"\\n",contains:[O]},k={scope:"string",begin:'"',end:'"',illegal:"\\n", +contains:[O]},N=(e,t,n={})=>{const s=i({scope:"comment",begin:e,end:t, +contains:[]},n);s.contains.push({scope:"doctag", +begin:"[ ]*(?=(TODO|FIXME|NOTE|BUG|OPTIMIZE|HACK|XXX):)", 
+end:/(TODO|FIXME|NOTE|BUG|OPTIMIZE|HACK|XXX):/,excludeBegin:!0,relevance:0}) +;const o=f("I","a","is","so","us","to","at","if","in","it","on",/[A-Za-z]+['](d|ve|re|ll|t|s|n)/,/[A-Za-z]+[-][a-z]+/,/[A-Za-z][a-z]{2,}/) +;return s.contains.push({begin:h(/[ ]+/,"(",o,/[.]?[:]?([.][ ]|[ ])/,"){3}")}),s +},S=N("//","$"),M=N("/\\*","\\*/"),R=N("#","$");var j=Object.freeze({ +__proto__:null,APOS_STRING_MODE:v,BACKSLASH_ESCAPE:O,BINARY_NUMBER_MODE:{ +scope:"number",begin:_,relevance:0},BINARY_NUMBER_RE:_,COMMENT:N, +C_BLOCK_COMMENT_MODE:M,C_LINE_COMMENT_MODE:S,C_NUMBER_MODE:{scope:"number", +begin:y,relevance:0},C_NUMBER_RE:y,END_SAME_AS_BEGIN:e=>Object.assign(e,{ +"on:begin":(e,t)=>{t.data._beginMatch=e[1]},"on:end":(e,t)=>{ +t.data._beginMatch!==e[1]&&t.ignoreMatch()}}),HASH_COMMENT_MODE:R,IDENT_RE:E, +MATCH_NOTHING_RE:/\b\B/,METHOD_GUARD:{begin:"\\.\\s*"+x,relevance:0}, +NUMBER_MODE:{scope:"number",begin:w,relevance:0},NUMBER_RE:w, +PHRASAL_WORDS_MODE:{ +begin:/\b(a|an|the|are|I'm|isn't|don't|doesn't|won't|but|just|should|pretty|simply|enough|gonna|going|wtf|so|such|will|you|your|they|like|more)\b/ +},QUOTE_STRING_MODE:k,REGEXP_MODE:{scope:"regexp",begin:/\/(?=[^/\n]*\/)/, +end:/\/[gimuy]*/,contains:[O,{begin:/\[/,end:/\]/,relevance:0,contains:[O]}]}, +RE_STARTERS_RE:"!|!=|!==|%|%=|&|&&|&=|\\*|\\*=|\\+|\\+=|,|-|-=|/=|/|:|;|<<|<<=|<=|<|===|==|=|>>>=|>>=|>=|>>>|>>|>|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~", +SHEBANG:(e={})=>{const t=/^#![ ]*\// +;return e.binary&&(e.begin=h(t,/.*\b/,e.binary,/\b.*/)),i({scope:"meta",begin:t, +end:/$/,relevance:0,"on:begin":(e,t)=>{0!==e.index&&t.ignoreMatch()}},e)}, +TITLE_MODE:{scope:"title",begin:E,relevance:0},UNDERSCORE_IDENT_RE:x, +UNDERSCORE_TITLE_MODE:{scope:"title",begin:x,relevance:0}});function A(e,t){ +"."===e.input[e.index-1]&&t.ignoreMatch()}function I(e,t){ +void 0!==e.className&&(e.scope=e.className,delete e.className)}function T(e,t){ +t&&e.beginKeywords&&(e.begin="\\b("+e.beginKeywords.split(" 
").join("|")+")(?!\\.)(?=\\b|\\s)", +e.__beforeBegin=A,e.keywords=e.keywords||e.beginKeywords,delete e.beginKeywords, +void 0===e.relevance&&(e.relevance=0))}function L(e,t){ +Array.isArray(e.illegal)&&(e.illegal=f(...e.illegal))}function B(e,t){ +if(e.match){ +if(e.begin||e.end)throw Error("begin & end are not supported with match") +;e.begin=e.match,delete e.match}}function P(e,t){ +void 0===e.relevance&&(e.relevance=1)}const D=(e,t)=>{if(!e.beforeMatch)return +;if(e.starts)throw Error("beforeMatch cannot be used with starts") +;const n=Object.assign({},e);Object.keys(e).forEach((t=>{delete e[t] +})),e.keywords=n.keywords,e.begin=h(n.beforeMatch,g(n.begin)),e.starts={ +relevance:0,contains:[Object.assign(n,{endsParent:!0})] +},e.relevance=0,delete n.beforeMatch +},H=["of","and","for","in","not","or","if","then","parent","list","value"],C="keyword" +;function $(e,t,n=C){const i=Object.create(null) +;return"string"==typeof e?s(n,e.split(" ")):Array.isArray(e)?s(n,e):Object.keys(e).forEach((n=>{ +Object.assign(i,$(e[n],t,n))})),i;function s(e,n){ +t&&(n=n.map((e=>e.toLowerCase()))),n.forEach((t=>{const n=t.split("|") +;i[n[0]]=[e,U(n[0],n[1])]}))}}function U(e,t){ +return t?Number(t):(e=>H.includes(e.toLowerCase()))(e)?0:1}const z={},W=e=>{ +console.error(e)},X=(e,...t)=>{console.log("WARN: "+e,...t)},G=(e,t)=>{ +z[`${e}/${t}`]||(console.log(`Deprecated as of ${e}. 
${t}`),z[`${e}/${t}`]=!0) +},K=Error();function F(e,t,{key:n}){let i=0;const s=e[n],o={},r={} +;for(let e=1;e<=t.length;e++)r[e+i]=s[e],o[e+i]=!0,i+=p(t[e-1]) +;e[n]=r,e[n]._emit=o,e[n]._multi=!0}function Z(e){(e=>{ +e.scope&&"object"==typeof e.scope&&null!==e.scope&&(e.beginScope=e.scope, +delete e.scope)})(e),"string"==typeof e.beginScope&&(e.beginScope={ +_wrap:e.beginScope}),"string"==typeof e.endScope&&(e.endScope={_wrap:e.endScope +}),(e=>{if(Array.isArray(e.begin)){ +if(e.skip||e.excludeBegin||e.returnBegin)throw W("skip, excludeBegin, returnBegin not compatible with beginScope: {}"), +K +;if("object"!=typeof e.beginScope||null===e.beginScope)throw W("beginScope must be object"), +K;F(e,e.begin,{key:"beginScope"}),e.begin=m(e.begin,{joinWith:""})}})(e),(e=>{ +if(Array.isArray(e.end)){ +if(e.skip||e.excludeEnd||e.returnEnd)throw W("skip, excludeEnd, returnEnd not compatible with endScope: {}"), +K +;if("object"!=typeof e.endScope||null===e.endScope)throw W("endScope must be object"), +K;F(e,e.end,{key:"endScope"}),e.end=m(e.end,{joinWith:""})}})(e)}function V(e){ +function t(t,n){ +return RegExp(l(t),"m"+(e.case_insensitive?"i":"")+(e.unicodeRegex?"u":"")+(n?"g":"")) +}class n{constructor(){ +this.matchIndexes={},this.regexes=[],this.matchAt=1,this.position=0} +addRule(e,t){ +t.position=this.position++,this.matchIndexes[this.matchAt]=t,this.regexes.push([t,e]), +this.matchAt+=p(e)+1}compile(){0===this.regexes.length&&(this.exec=()=>null) +;const e=this.regexes.map((e=>e[1]));this.matcherRe=t(m(e,{joinWith:"|" +}),!0),this.lastIndex=0}exec(e){this.matcherRe.lastIndex=this.lastIndex +;const t=this.matcherRe.exec(e);if(!t)return null +;const n=t.findIndex(((e,t)=>t>0&&void 0!==e)),i=this.matchIndexes[n] +;return t.splice(0,n),Object.assign(t,i)}}class s{constructor(){ +this.rules=[],this.multiRegexes=[], +this.count=0,this.lastIndex=0,this.regexIndex=0}getMatcher(e){ +if(this.multiRegexes[e])return this.multiRegexes[e];const t=new n +;return 
this.rules.slice(e).forEach((([e,n])=>t.addRule(e,n))), +t.compile(),this.multiRegexes[e]=t,t}resumingScanAtSamePosition(){ +return 0!==this.regexIndex}considerAll(){this.regexIndex=0}addRule(e,t){ +this.rules.push([e,t]),"begin"===t.type&&this.count++}exec(e){ +const t=this.getMatcher(this.regexIndex);t.lastIndex=this.lastIndex +;let n=t.exec(e) +;if(this.resumingScanAtSamePosition())if(n&&n.index===this.lastIndex);else{ +const t=this.getMatcher(0);t.lastIndex=this.lastIndex+1,n=t.exec(e)} +return n&&(this.regexIndex+=n.position+1, +this.regexIndex===this.count&&this.considerAll()),n}} +if(e.compilerExtensions||(e.compilerExtensions=[]), +e.contains&&e.contains.includes("self"))throw Error("ERR: contains `self` is not supported at the top-level of a language. See documentation.") +;return e.classNameAliases=i(e.classNameAliases||{}),function n(o,r){const a=o +;if(o.isCompiled)return a +;[I,B,Z,D].forEach((e=>e(o,r))),e.compilerExtensions.forEach((e=>e(o,r))), +o.__beforeBegin=null,[T,L,P].forEach((e=>e(o,r))),o.isCompiled=!0;let c=null +;return"object"==typeof o.keywords&&o.keywords.$pattern&&(o.keywords=Object.assign({},o.keywords), +c=o.keywords.$pattern, +delete o.keywords.$pattern),c=c||/\w+/,o.keywords&&(o.keywords=$(o.keywords,e.case_insensitive)), +a.keywordPatternRe=t(c,!0), +r&&(o.begin||(o.begin=/\B|\b/),a.beginRe=t(a.begin),o.end||o.endsWithParent||(o.end=/\B|\b/), +o.end&&(a.endRe=t(a.end)), +a.terminatorEnd=l(a.end)||"",o.endsWithParent&&r.terminatorEnd&&(a.terminatorEnd+=(o.end?"|":"")+r.terminatorEnd)), +o.illegal&&(a.illegalRe=t(o.illegal)), +o.contains||(o.contains=[]),o.contains=[].concat(...o.contains.map((e=>(e=>(e.variants&&!e.cachedVariants&&(e.cachedVariants=e.variants.map((t=>i(e,{ +variants:null},t)))),e.cachedVariants?e.cachedVariants:q(e)?i(e,{ +starts:e.starts?i(e.starts):null +}):Object.isFrozen(e)?i(e):e))("self"===e?o:e)))),o.contains.forEach((e=>{n(e,a) +})),o.starts&&n(o.starts,r),a.matcher=(e=>{const t=new s +;return 
e.contains.forEach((e=>t.addRule(e.begin,{rule:e,type:"begin" +}))),e.terminatorEnd&&t.addRule(e.terminatorEnd,{type:"end" +}),e.illegal&&t.addRule(e.illegal,{type:"illegal"}),t})(a),a}(e)}function q(e){ +return!!e&&(e.endsWithParent||q(e.starts))}class J extends Error{ +constructor(e,t){super(e),this.name="HTMLInjectionError",this.html=t}} +const Y=n,Q=i,ee=Symbol("nomatch"),te=n=>{ +const i=Object.create(null),s=Object.create(null),o=[];let r=!0 +;const a="Could not find the language '{}', did you forget to load/include a language module?",l={ +disableAutodetect:!0,name:"Plain text",contains:[]};let p={ +ignoreUnescapedHTML:!1,throwUnescapedHTML:!1,noHighlightRe:/^(no-?highlight)$/i, +languageDetectRe:/\blang(?:uage)?-([\w-]+)\b/i,classPrefix:"hljs-", +cssSelector:"pre code",languages:null,__emitter:c};function b(e){ +return p.noHighlightRe.test(e)}function m(e,t,n){let i="",s="" +;"object"==typeof t?(i=e, +n=t.ignoreIllegals,s=t.language):(G("10.7.0","highlight(lang, code, ...args) has been deprecated."), +G("10.7.0","Please use highlight(code, options) instead.\nhttps://github.com/highlightjs/highlight.js/issues/2277"), +s=e,i=t),void 0===n&&(n=!0);const o={code:i,language:s};N("before:highlight",o) +;const r=o.result?o.result:E(o.language,o.code,n) +;return r.code=o.code,N("after:highlight",r),r}function E(e,n,s,o){ +const c=Object.create(null);function l(){if(!N.keywords)return void M.addText(R) +;let e=0;N.keywordPatternRe.lastIndex=0;let t=N.keywordPatternRe.exec(R),n="" +;for(;t;){n+=R.substring(e,t.index) +;const s=_.case_insensitive?t[0].toLowerCase():t[0],o=(i=s,N.keywords[i]);if(o){ +const[e,i]=o +;if(M.addText(n),n="",c[s]=(c[s]||0)+1,c[s]<=7&&(j+=i),e.startsWith("_"))n+=t[0];else{ +const n=_.classNameAliases[e]||e;u(t[0],n)}}else n+=t[0] +;e=N.keywordPatternRe.lastIndex,t=N.keywordPatternRe.exec(R)}var i +;n+=R.substring(e),M.addText(n)}function g(){null!=N.subLanguage?(()=>{ +if(""===R)return;let e=null;if("string"==typeof N.subLanguage){ 
+if(!i[N.subLanguage])return void M.addText(R) +;e=E(N.subLanguage,R,!0,S[N.subLanguage]),S[N.subLanguage]=e._top +}else e=x(R,N.subLanguage.length?N.subLanguage:null) +;N.relevance>0&&(j+=e.relevance),M.__addSublanguage(e._emitter,e.language) +})():l(),R=""}function u(e,t){ +""!==e&&(M.startScope(t),M.addText(e),M.endScope())}function d(e,t){let n=1 +;const i=t.length-1;for(;n<=i;){if(!e._emit[n]){n++;continue} +const i=_.classNameAliases[e[n]]||e[n],s=t[n];i?u(s,i):(R=s,l(),R=""),n++}} +function h(e,t){ +return e.scope&&"string"==typeof e.scope&&M.openNode(_.classNameAliases[e.scope]||e.scope), +e.beginScope&&(e.beginScope._wrap?(u(R,_.classNameAliases[e.beginScope._wrap]||e.beginScope._wrap), +R=""):e.beginScope._multi&&(d(e.beginScope,t),R="")),N=Object.create(e,{parent:{ +value:N}}),N}function f(e,n,i){let s=((e,t)=>{const n=e&&e.exec(t) +;return n&&0===n.index})(e.endRe,i);if(s){if(e["on:end"]){const i=new t(e) +;e["on:end"](n,i),i.isMatchIgnored&&(s=!1)}if(s){ +for(;e.endsParent&&e.parent;)e=e.parent;return e}} +if(e.endsWithParent)return f(e.parent,n,i)}function b(e){ +return 0===N.matcher.regexIndex?(R+=e[0],1):(T=!0,0)}function m(e){ +const t=e[0],i=n.substring(e.index),s=f(N,e,i);if(!s)return ee;const o=N +;N.endScope&&N.endScope._wrap?(g(), +u(t,N.endScope._wrap)):N.endScope&&N.endScope._multi?(g(), +d(N.endScope,e)):o.skip?R+=t:(o.returnEnd||o.excludeEnd||(R+=t), +g(),o.excludeEnd&&(R=t));do{ +N.scope&&M.closeNode(),N.skip||N.subLanguage||(j+=N.relevance),N=N.parent +}while(N!==s.parent);return s.starts&&h(s.starts,e),o.returnEnd?0:t.length} +let w={};function y(i,o){const a=o&&o[0];if(R+=i,null==a)return g(),0 +;if("begin"===w.type&&"end"===o.type&&w.index===o.index&&""===a){ +if(R+=n.slice(o.index,o.index+1),!r){const t=Error(`0 width match regex (${e})`) +;throw t.languageName=e,t.badRule=w.rule,t}return 1} +if(w=o,"begin"===o.type)return(e=>{ +const n=e[0],i=e.rule,s=new t(i),o=[i.__beforeBegin,i["on:begin"]] +;for(const t of 
o)if(t&&(t(e,s),s.isMatchIgnored))return b(n) +;return i.skip?R+=n:(i.excludeBegin&&(R+=n), +g(),i.returnBegin||i.excludeBegin||(R=n)),h(i,e),i.returnBegin?0:n.length})(o) +;if("illegal"===o.type&&!s){ +const e=Error('Illegal lexeme "'+a+'" for mode "'+(N.scope||"")+'"') +;throw e.mode=N,e}if("end"===o.type){const e=m(o);if(e!==ee)return e} +if("illegal"===o.type&&""===a)return 1 +;if(I>1e5&&I>3*o.index)throw Error("potential infinite loop, way more iterations than matches") +;return R+=a,a.length}const _=O(e) +;if(!_)throw W(a.replace("{}",e)),Error('Unknown language: "'+e+'"') +;const v=V(_);let k="",N=o||v;const S={},M=new p.__emitter(p);(()=>{const e=[] +;for(let t=N;t!==_;t=t.parent)t.scope&&e.unshift(t.scope) +;e.forEach((e=>M.openNode(e)))})();let R="",j=0,A=0,I=0,T=!1;try{ +if(_.__emitTokens)_.__emitTokens(n,M);else{for(N.matcher.considerAll();;){ +I++,T?T=!1:N.matcher.considerAll(),N.matcher.lastIndex=A +;const e=N.matcher.exec(n);if(!e)break;const t=y(n.substring(A,e.index),e) +;A=e.index+t}y(n.substring(A))}return M.finalize(),k=M.toHTML(),{language:e, +value:k,relevance:j,illegal:!1,_emitter:M,_top:N}}catch(t){ +if(t.message&&t.message.includes("Illegal"))return{language:e,value:Y(n), +illegal:!0,relevance:0,_illegalBy:{message:t.message,index:A, +context:n.slice(A-100,A+100),mode:t.mode,resultSoFar:k},_emitter:M};if(r)return{ +language:e,value:Y(n),illegal:!1,relevance:0,errorRaised:t,_emitter:M,_top:N} +;throw t}}function x(e,t){t=t||p.languages||Object.keys(i);const n=(e=>{ +const t={value:Y(e),illegal:!1,relevance:0,_top:l,_emitter:new p.__emitter(p)} +;return t._emitter.addText(e),t})(e),s=t.filter(O).filter(k).map((t=>E(t,e,!1))) +;s.unshift(n);const o=s.sort(((e,t)=>{ +if(e.relevance!==t.relevance)return t.relevance-e.relevance +;if(e.language&&t.language){if(O(e.language).supersetOf===t.language)return 1 +;if(O(t.language).supersetOf===e.language)return-1}return 0})),[r,a]=o,c=r +;return c.secondBest=a,c}function w(e){let t=null;const n=(e=>{ 
+let t=e.className+" ";t+=e.parentNode?e.parentNode.className:"" +;const n=p.languageDetectRe.exec(t);if(n){const t=O(n[1]) +;return t||(X(a.replace("{}",n[1])), +X("Falling back to no-highlight mode for this block.",e)),t?n[1]:"no-highlight"} +return t.split(/\s+/).find((e=>b(e)||O(e)))})(e);if(b(n))return +;if(N("before:highlightElement",{el:e,language:n +}),e.dataset.highlighted)return void console.log("Element previously highlighted. To highlight again, first unset `dataset.highlighted`.",e) +;if(e.children.length>0&&(p.ignoreUnescapedHTML||(console.warn("One of your code blocks includes unescaped HTML. This is a potentially serious security risk."), +console.warn("https://github.com/highlightjs/highlight.js/wiki/security"), +console.warn("The element with unescaped HTML:"), +console.warn(e)),p.throwUnescapedHTML))throw new J("One of your code blocks includes unescaped HTML.",e.innerHTML) +;t=e;const i=t.textContent,o=n?m(i,{language:n,ignoreIllegals:!0}):x(i) +;e.innerHTML=o.value,e.dataset.highlighted="yes",((e,t,n)=>{const i=t&&s[t]||n +;e.classList.add("hljs"),e.classList.add("language-"+i) +})(e,n,o.language),e.result={language:o.language,re:o.relevance, +relevance:o.relevance},o.secondBest&&(e.secondBest={ +language:o.secondBest.language,relevance:o.secondBest.relevance +}),N("after:highlightElement",{el:e,result:o,text:i})}let y=!1;function _(){ +"loading"!==document.readyState?document.querySelectorAll(p.cssSelector).forEach(w):y=!0 +}function O(e){return e=(e||"").toLowerCase(),i[e]||i[s[e]]} +function v(e,{languageName:t}){"string"==typeof e&&(e=[e]),e.forEach((e=>{ +s[e.toLowerCase()]=t}))}function k(e){const t=O(e) +;return t&&!t.disableAutodetect}function N(e,t){const n=e;o.forEach((e=>{ +e[n]&&e[n](t)}))} +"undefined"!=typeof window&&window.addEventListener&&window.addEventListener("DOMContentLoaded",(()=>{ +y&&_()}),!1),Object.assign(n,{highlight:m,highlightAuto:x,highlightAll:_, +highlightElement:w, +highlightBlock:e=>(G("10.7.0","highlightBlock 
will be removed entirely in v12.0"), +G("10.7.0","Please use highlightElement now."),w(e)),configure:e=>{p=Q(p,e)}, +initHighlighting:()=>{ +_(),G("10.6.0","initHighlighting() deprecated. Use highlightAll() now.")}, +initHighlightingOnLoad:()=>{ +_(),G("10.6.0","initHighlightingOnLoad() deprecated. Use highlightAll() now.") +},registerLanguage:(e,t)=>{let s=null;try{s=t(n)}catch(t){ +if(W("Language definition for '{}' could not be registered.".replace("{}",e)), +!r)throw t;W(t),s=l} +s.name||(s.name=e),i[e]=s,s.rawDefinition=t.bind(null,n),s.aliases&&v(s.aliases,{ +languageName:e})},unregisterLanguage:e=>{delete i[e] +;for(const t of Object.keys(s))s[t]===e&&delete s[t]}, +listLanguages:()=>Object.keys(i),getLanguage:O,registerAliases:v, +autoDetection:k,inherit:Q,addPlugin:e=>{(e=>{ +e["before:highlightBlock"]&&!e["before:highlightElement"]&&(e["before:highlightElement"]=t=>{ +e["before:highlightBlock"](Object.assign({block:t.el},t)) +}),e["after:highlightBlock"]&&!e["after:highlightElement"]&&(e["after:highlightElement"]=t=>{ +e["after:highlightBlock"](Object.assign({block:t.el},t))})})(e),o.push(e)}, +removePlugin:e=>{const t=o.indexOf(e);-1!==t&&o.splice(t,1)}}),n.debugMode=()=>{ +r=!1},n.safeMode=()=>{r=!0},n.versionString="11.10.0",n.regex={concat:h, +lookahead:g,either:f,optional:d,anyNumberOfTimes:u} +;for(const t in j)"object"==typeof j[t]&&e(j[t]);return Object.assign(n,j),n +},ne=te({});return ne.newInstance=()=>te({}),ne}() +;"object"==typeof exports&&"undefined"!=typeof module&&(module.exports=hljs); \ No newline at end of file diff --git a/render/templates/src/highlightjs/terraform.js b/render/templates/src/highlightjs/terraform.js new file mode 100644 index 0000000..179c119 --- /dev/null +++ b/render/templates/src/highlightjs/terraform.js 
@@ -0,0 +1,87 @@
+/*
+ * highlight.js terraform syntax highlighting definition
+ *
+ * @see https://github.com/highlightjs/highlight.js
+ *
+ * :TODO:
+ *
+ * @package: highlightjs-terraform
+ * @author: Nikos Tsirmirakis
+ * @since: 2019-03-20
+ *
+ * Description: Terraform (HCL) language definition
+ * Category: scripting
+ */
+
+var module = module ? module : {}; // shim for browser use
+
+function hljsDefineTerraform(hljs) {
+ var NUMBERS = {
+ className: 'number',
+ begin: '\\b\\d+(\\.\\d+)?',
+ relevance: 0
+ };
+ var STRINGS = {
+ className: 'string',
+ begin: '"',
+ end: '"',
+ contains: [{
+ className: 'variable',
+ begin: '\\${',
+ end: '\\}',
+ relevance: 9,
+ contains: [{
+ className: 'string',
+ begin: '"',
+ end: '"'
+ }, {
+ className: 'meta',
+ begin: '[A-Za-z_0-9]*' + '\\(',
+ end: '\\)',
+ contains: [
+ NUMBERS, {
+ className: 'string',
+ begin: '"',
+ end: '"',
+ contains: [{
+ className: 'variable',
+ begin: '\\${',
+ end: '\\}',
+ contains: [{
+ className: 'string',
+ begin: '"',
+ end: '"',
+ contains: [{
+ className: 'variable',
+ begin: '\\${',
+ end: '\\}'
+ }]
+ }, {
+ className: 'meta',
+ begin: '[A-Za-z_0-9]*' + '\\(',
+ end: '\\)'
+ }]
+ }]
+ },
+ 'self']
+ }]
+ }]
+ };
+
+ return {
+ aliases: ['tf', 'hcl'],
+ keywords: 'resource variable provider output locals module data terraform|10',
+ literal: 'false true null',
+ contains: [
+ hljs.COMMENT('\\#', '$'),
+ NUMBERS,
+ STRINGS
+ ]
+ }
+}
+
+module.exports = function (hljs) {
+ hljs.registerLanguage('terraform', hljsDefineTerraform);
+};
+
+module.exports.definer = hljsDefineTerraform;
\ No newline at end of file
diff --git a/render/testdata/golden/empty.html b/render/testdata/golden/empty.html
index d5cab46..f31f7b4 100644
--- a/render/testdata/golden/empty.html
+++ b/render/testdata/golden/empty.html
@@ -4,493 +4,1342 @@ Trivy Report - + + +

Trivy Returned Empty Report

+ + + + + + + cy.resize() + } +}); + document.addEventListener('mouseup', () => { + isDragging = false; + document.body.style.userSelect = ''; +}); - - - -
-

Trivy Returned Empty Report

-

+ insertAfter(thead, tbody); + }; + tables.forEach((table, tableIx) => { + table.addEventListener("click", (e) => { + e.stopPropagation(); + const el = e.target; + const type = el.getAttribute("data-type"); + const sortable = el.getAttribute("data-sortable") === "true"; + if (el.nodeName !== "TH" || !sortable) return; + const cellIndex = el.cellIndex; + sortTable(tableIx, cellIndex, type, colIx === cellIndex); + colIx = colIx === cellIndex ? -1 : cellIndex; + }); + }); +} + +document.addEventListener("DOMContentLoaded", () => { + attachLinksInteractivity(); + attachSortInteractivity(); + attachFilterInteractivity(); +}); + \ No newline at end of file diff --git a/render/testdata/golden/graph.html b/render/testdata/golden/graph.html new file mode 100644 index 0000000..ebde7e8 --- /dev/null +++ b/render/testdata/golden/graph.html @@ -0,0 +1,1635 @@ + + + + + + Trivy Report + + + +

Trivy Report - log-storage +

+
+ +
+ +
+
+ + +
+ + + +
+
+
+
+
+
+ +
+ +
+

log-storage/modules/foo/modules/bar/modules/baz/main.tf

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
Terraform Security Check AVD-AWS-0086S3 Access block should block public ACLHIGHNo public access block so not blocking public acls +
+ https://avd.aquasec.com/misconfig/avd-aws-0086 +
+
Terraform Security Check AVD-AWS-0087S3 Access block should block public policyHIGHNo public access block so not blocking public policies +
+ https://avd.aquasec.com/misconfig/avd-aws-0087 +
+
Terraform Security Check AVD-AWS-0088Unencrypted S3 bucket.HIGHBucket does not have encryption enabled +
+ https://avd.aquasec.com/misconfig/avd-aws-0088 +
+
Terraform Security Check s3-bucket-loggingS3 Bucket LoggingLOWBucket has logging disabled +
+ https://avd.aquasec.com/misconfig/s3-bucket-logging +
+
Terraform Security Check AVD-AWS-0090S3 Data should be versionedMEDIUMBucket does not have versioning enabled +
+ https://avd.aquasec.com/misconfig/avd-aws-0090 +
+
Terraform Security Check AVD-AWS-0091S3 Access Block should Ignore Public AclHIGHNo public access block so not blocking public acls +
+ https://avd.aquasec.com/misconfig/avd-aws-0091 +
+
Terraform Security Check AVD-AWS-0093S3 Access block should restrict public bucket to limit accessHIGHNo public access block so not restricting public buckets +
+ https://avd.aquasec.com/misconfig/avd-aws-0093 +
+
Terraform Security Check AVD-AWS-0094S3 buckets should each define an aws_s3_bucket_public_access_blockLOWBucket does not have a corresponding public access block. +
+ https://avd.aquasec.com/misconfig/avd-aws-0094 +
+
Terraform Security Check AVD-AWS-0132S3 encryption should use Customer Managed KeysHIGHBucket does not encrypt data with a customer managed key. +
+ https://avd.aquasec.com/misconfig/avd-aws-0132 +
+
+ +
+
+ +
+ + +
+
+
+ +
+
+ +
+

log-storage/modules/foo/modules/bar/modules/baz/main.tf

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
Terraform Security Check AVD-AWS-0086S3 Access block should block public ACLHIGHNo public access block so not blocking public acls +
+ https://avd.aquasec.com/misconfig/avd-aws-0086 +
+
Terraform Security Check AVD-AWS-0086S3 Access block should block public ACLHIGHNo public access block so not blocking public acls +
+ https://avd.aquasec.com/misconfig/avd-aws-0086 +
+
+ +
+
+ +
+ + +
+
+
+ +
+
+ + + + + + + + \ No newline at end of file diff --git a/render/testdata/golden/happy-k8s.html b/render/testdata/golden/happy-k8s.html index 92d862e..d18bfed 100644 --- a/render/testdata/golden/happy-k8s.html +++ b/render/testdata/golden/happy-k8s.html @@ -4,17138 +4,19235 @@ Trivy Report - +#movable-window { + position: fixed; + top: 2%; + right: 3%; + width: 30%; + height: 50%; + background-color: #fff; + border: 1px solid #ccc; + box-shadow: 0 4px 8px rgba(0, 0, 0, 0.2); + z-index: 1000; + display: none; +} - - - - -
-

Trivy Report - ClusterRole/admin -

-
- -
-
-

ClusterRole/admin

-
- - - - - - - +.hljs-meta .hljs-string, .hljs-regexp, .hljs-string { + color: #032f62 +} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV041Manage secretsCRITICALClusterRole 'admin' shouldn't have access to manage resource 'secrets' -
- https://avd.aquasec.com/misconfig/ksv041 -
-
Kubernetes Security CheckKSV041Manage secretsCRITICALClusterRole 'admin' shouldn't have access to manage resource 'secrets' -
- https://avd.aquasec.com/misconfig/ksv041 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'admin' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'admin' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'admin' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'admin' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'admin' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV049Manage configmapsMEDIUMClusterRole 'admin' should not have access to resource 'configmaps' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv049 -
-
Kubernetes Security CheckKSV050Manage Kubernetes RBAC resourcesCRITICALClusterRole 'admin' should not have access to resources ["roles", "rolebindings"] for verbs ["create", "update", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv050 -
-
Kubernetes Security CheckKSV053Exec into PodsHIGHClusterRole 'admin' should not have access to resource '["pods/exec"]' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv053 -
-
Kubernetes Security CheckKSV056Manage Kubernetes networkingHIGHClusterRole 'admin' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv056 -
-
Kubernetes Security CheckKSV056Manage Kubernetes networkingHIGHClusterRole 'admin' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv056 -
-
Kubernetes Security CheckKSV056Manage Kubernetes networkingHIGHClusterRole 'admin' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv056 -
-
-
-

ClusterRole/cluster-admin

-
- - - - - - - +.hljs-built_in, .hljs-symbol { + color: #e36209 +} - - - - - - - - - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV044No wildcard verb and resource rolesCRITICALRole permits wildcard verb on wildcard resource -
- https://avd.aquasec.com/misconfig/ksv044 -
-
Kubernetes Security CheckKSV046Manage all resourcesCRITICALClusterRole 'cluster-admin' shouldn't manage all resources -
- https://avd.aquasec.com/misconfig/ksv046 -
-
-
-

ClusterRole/edit

-
- - - - - - - +.hljs-code, .hljs-comment, .hljs-formula { + color: #6a737d +} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV041Manage secretsCRITICALClusterRole 'edit' shouldn't have access to manage resource 'secrets' -
- https://avd.aquasec.com/misconfig/ksv041 -
-
Kubernetes Security CheckKSV041Manage secretsCRITICALClusterRole 'edit' shouldn't have access to manage resource 'secrets' -
- https://avd.aquasec.com/misconfig/ksv041 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV049Manage configmapsMEDIUMClusterRole 'edit' should not have access to resource 'configmaps' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv049 -
-
Kubernetes Security CheckKSV053Exec into PodsHIGHClusterRole 'edit' should not have access to resource '["pods/exec"]' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv053 -
-
Kubernetes Security CheckKSV056Manage Kubernetes networkingHIGHClusterRole 'edit' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv056 -
-
Kubernetes Security CheckKSV056Manage Kubernetes networkingHIGHClusterRole 'edit' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv056 -
-
Kubernetes Security CheckKSV056Manage Kubernetes networkingHIGHClusterRole 'edit' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv056 -
-
-
-

ClusterRole/local-path-provisioner-role

-
- - - - - - - +.hljs-name, .hljs-quote, .hljs-selector-pseudo, .hljs-selector-tag { + color: #22863a +} - - - - - - - - - - - - - - - - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV045No wildcard verb rolesCRITICALRole permits wildcard verb on specific resources -
- https://avd.aquasec.com/misconfig/ksv045 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'local-path-provisioner-role' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV056Manage Kubernetes networkingHIGHClusterRole 'local-path-provisioner-role' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv056 -
-
-
-

ClusterRole/system:aggregate-to-admin

-
- - - - - - - +.hljs-subst { + color: #24292e +} - - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV050Manage Kubernetes RBAC resourcesCRITICALClusterRole 'system:aggregate-to-admin' should not have access to resources ["roles", "rolebindings"] for verbs ["create", "update", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv050 -
-
-
-

ClusterRole/system:aggregate-to-edit

-
- - - - - - - +.hljs-section { + color: #005cc5; + font-weight: 700 +} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV041Manage secretsCRITICALClusterRole 'system:aggregate-to-edit' shouldn't have access to manage resource 'secrets' -
- https://avd.aquasec.com/misconfig/ksv041 -
-
Kubernetes Security CheckKSV041Manage secretsCRITICALClusterRole 'system:aggregate-to-edit' shouldn't have access to manage resource 'secrets' -
- https://avd.aquasec.com/misconfig/ksv041 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:aggregate-to-edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:aggregate-to-edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:aggregate-to-edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:aggregate-to-edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:aggregate-to-edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV049Manage configmapsMEDIUMClusterRole 'system:aggregate-to-edit' should not have access to resource 'configmaps' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv049 -
-
Kubernetes Security CheckKSV053Exec into PodsHIGHClusterRole 'system:aggregate-to-edit' should not have access to resource '["pods/exec"]' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv053 -
-
Kubernetes Security CheckKSV056Manage Kubernetes networkingHIGHClusterRole 'system:aggregate-to-edit' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv056 -
-
Kubernetes Security CheckKSV056Manage Kubernetes networkingHIGHClusterRole 'system:aggregate-to-edit' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv056 -
-
Kubernetes Security CheckKSV056Manage Kubernetes networkingHIGHClusterRole 'system:aggregate-to-edit' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv056 -
-
-
-

ClusterRole/system:controller:cronjob-controller

-
- - - - - - - +.hljs-bullet { + color: #735c0f +} - - - - - - - - - - - - - - - - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:cronjob-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:cronjob-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:cronjob-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
-
-

ClusterRole/system:controller:daemon-set-controller

-
- - - - - - - +.hljs-emphasis { + color: #24292e; + font-style: italic +} - - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:daemon-set-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
-
-

ClusterRole/system:controller:deployment-controller

-
- - - - - - - +.hljs-strong { + color: #24292e; + font-weight: 700 +} - - - - - - - - - - - - - - - - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:deployment-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:deployment-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:deployment-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
-
-

ClusterRole/system:controller:endpoint-controller

-
- - - - - - - +.hljs-addition { + color: #22863a; + background-color: #f0fff4 +} - - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV056Manage Kubernetes networkingHIGHClusterRole 'system:controller:endpoint-controller' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv056 -
-
-
-

ClusterRole/system:controller:endpointslice-controller

-
- - - - - - - +.hljs-deletion { + color: #b31d28; + background-color: #ffeef0 +} - - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV056Manage Kubernetes networkingHIGHClusterRole 'system:controller:endpointslice-controller' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv056 -
-
-
-

ClusterRole/system:controller:endpointslicemirroring-controller

-
- - - - - - - +pre code.hljs { + display: block; + overflow-x: auto; + padding: 1em +} - - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV056Manage Kubernetes networkingHIGHClusterRole 'system:controller:endpointslicemirroring-controller' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv056 -
-
-
-

ClusterRole/system:controller:expand-controller

-
- - - - - - - +code.hljs { + padding: 3px 5px +} + + + +

Trivy Report - ClusterRole/admin +

+
+ +
- - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV041Manage secretsCRITICALClusterRole 'system:controller:expand-controller' shouldn't have access to manage resource 'secrets' -
- https://avd.aquasec.com/misconfig/ksv041 -
-
-
-

ClusterRole/system:controller:generic-garbage-collector

-
- - - - - - - +
+
+ + +
+ -
- - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV046Manage all resourcesCRITICALClusterRole 'system:controller:generic-garbage-collector' shouldn't manage all resources -
- https://avd.aquasec.com/misconfig/ksv046 -
-
-
-

ClusterRole/system:controller:horizontal-pod-autoscaler

+ +
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV046Manage all resourcesCRITICALClusterRole 'system:controller:horizontal-pod-autoscaler' shouldn't manage all resources -
- https://avd.aquasec.com/misconfig/ksv046 -
-
Kubernetes Security CheckKSV046Manage all resourcesCRITICALClusterRole 'system:controller:horizontal-pod-autoscaler' shouldn't manage all resources -
- https://avd.aquasec.com/misconfig/ksv046 -
-
-
-

ClusterRole/system:controller:job-controller

+
+
- - - - - - - + - - - - - - - - - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:job-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:job-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
-
-

ClusterRole/system:controller:legacy-service-account-token-cleaner

-
- - - - - - - +
- - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV041Manage secretsCRITICALClusterRole 'system:controller:legacy-service-account-token-cleaner' shouldn't have access to manage resource 'secrets' -
- https://avd.aquasec.com/misconfig/ksv041 -
-
-
-

ClusterRole/system:controller:namespace-controller

-
- - - - - - - +
+

ClusterRole/admin

+
+
+
Type - - - - Misconf ID - - - - Check - - - - Severity - - - -
+ + + + + + - - - - - - - - - - - - -
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message - - - -
Kubernetes Security CheckKSV046Manage all resourcesCRITICALClusterRole 'system:controller:namespace-controller' shouldn't manage all resources -
- https://avd.aquasec.com/misconfig/ksv046 -
-
-
-

ClusterRole/system:controller:node-controller

-
- - - - - - - + - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message + + + + Message - - - -
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:node-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security Check KSV041Manage secretsCRITICALClusterRole 'admin' shouldn't have access to manage resource 'secrets' +
+ https://avd.aquasec.com/misconfig/ksv041 +
+
Kubernetes Security Check KSV041Manage secretsCRITICALClusterRole 'admin' shouldn't have access to manage resource 'secrets' +
+ https://avd.aquasec.com/misconfig/ksv041 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'admin' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'admin' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'admin' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'admin' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'admin' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV049Manage configmapsMEDIUMClusterRole 'admin' should not have access to resource 'configmaps' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv049 +
+
Kubernetes Security Check KSV050Manage Kubernetes RBAC resourcesCRITICALClusterRole 'admin' should not have access to resources ["roles", "rolebindings"] for verbs ["create", "update", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv050 +
+
Kubernetes Security Check KSV053Exec into PodsHIGHClusterRole 'admin' should not have access to resource '["pods/exec"]' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv053 +
+
Kubernetes Security Check KSV056Manage Kubernetes networkingHIGHClusterRole 'admin' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv056 +
+
Kubernetes Security Check KSV056Manage Kubernetes networkingHIGHClusterRole 'admin' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv056 +
+
Kubernetes Security Check KSV056Manage Kubernetes networkingHIGHClusterRole 'admin' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv056 +
+
-
-

ClusterRole/system:controller:persistent-volume-binder

-
- - - - - -
Type - - - - Misconf ID - - - - Check - - +
+ +
+
+ +
+ + +
+
+
- Message - - - - - - - - - Kubernetes Security Check - KSV041 - Manage secrets - CRITICAL - ClusterRole 'system:controller:persistent-volume-binder' shouldn't have access to manage resource 'secrets' -
- https://avd.aquasec.com/misconfig/ksv041 -
- - - - Kubernetes Security Check - KSV048 - Manage Kubernetes workloads and pods - MEDIUM - ClusterRole 'system:controller:persistent-volume-binder' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
- - - - Kubernetes Security Check - KSV056 - Manage Kubernetes networking - HIGH - ClusterRole 'system:controller:persistent-volume-binder' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv056 -
- - - - Kubernetes Security Check - KSV056 - Manage Kubernetes networking - HIGH - ClusterRole 'system:controller:persistent-volume-binder' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv056 -
- - - - -
-

ClusterRole/system:controller:pod-garbage-collector

- - - - - - - + - - - - - - - - - - - +
+

ClusterRole/cluster-admin

+
+
+
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:pod-garbage-collector' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
+ + + + + + + + + + + + + + + + + + + + + + + + + + -
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
Kubernetes Security Check KSV044No wildcard verb and resource rolesCRITICALRole permits wildcard verb on wildcard resource +
+ https://avd.aquasec.com/misconfig/ksv044 +
+
Kubernetes Security Check KSV046Manage all resourcesCRITICALClusterRole 'cluster-admin' shouldn't manage all resources +
+ https://avd.aquasec.com/misconfig/ksv046 +
+
-
-

ClusterRole/system:controller:replicaset-controller

-
- - - - - -
Type - - - - Misconf ID - - - - Check - - +
+ +
+
+ +
+ + +
+
+
- Message - - - - - - - - - Kubernetes Security Check - KSV048 - Manage Kubernetes workloads and pods - MEDIUM - ClusterRole 'system:controller:replicaset-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
- - - - Kubernetes Security Check - KSV048 - Manage Kubernetes workloads and pods - MEDIUM - ClusterRole 'system:controller:replicaset-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
- - - - -
-

ClusterRole/system:controller:replication-controller

- - - - - - - + - - - - - - - - - - - - - - - - - - +
+

ClusterRole/edit

+
+
+
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:replication-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:replication-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
Kubernetes Security Check KSV041Manage secretsCRITICALClusterRole 'edit' shouldn't have access to manage resource 'secrets' +
+ https://avd.aquasec.com/misconfig/ksv041 +
+
Kubernetes Security Check KSV041Manage secretsCRITICALClusterRole 'edit' shouldn't have access to manage resource 'secrets' +
+ https://avd.aquasec.com/misconfig/ksv041 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV049Manage configmapsMEDIUMClusterRole 'edit' should not have access to resource 'configmaps' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv049 +
+
Kubernetes Security Check KSV053Exec into PodsHIGHClusterRole 'edit' should not have access to resource '["pods/exec"]' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv053 +
+
Kubernetes Security Check KSV056Manage Kubernetes networkingHIGHClusterRole 'edit' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv056 +
+
Kubernetes Security Check KSV056Manage Kubernetes networkingHIGHClusterRole 'edit' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv056 +
+
Kubernetes Security Check KSV056Manage Kubernetes networkingHIGHClusterRole 'edit' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv056 +
+
-
-

ClusterRole/system:controller:resourcequota-controller

-
- - - - - -
Type - - - - Misconf ID - - - - Check - - +
+ +
+
+ +
+ + +
+
+
- Message - - - - - - - - - Kubernetes Security Check - KSV046 - Manage all resources - CRITICAL - ClusterRole 'system:controller:resourcequota-controller' shouldn't manage all resources -
- https://avd.aquasec.com/misconfig/ksv046 -
- - - - -
-

ClusterRole/system:controller:root-ca-cert-publisher

- - - - - - - + - - - - - - - - - - - +
+

ClusterRole/local-path-provisioner-role

+
+
+
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV049Manage configmapsMEDIUMClusterRole 'system:controller:root-ca-cert-publisher' should not have access to resource 'configmaps' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv049 -
-
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
Kubernetes Security Check KSV045No wildcard verb rolesCRITICALRole permits wildcard verb on specific resources +
+ https://avd.aquasec.com/misconfig/ksv045 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'local-path-provisioner-role' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV056Manage Kubernetes networkingHIGHClusterRole 'local-path-provisioner-role' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv056 +
+
-
-

ClusterRole/system:controller:statefulset-controller

-
- - - - - -
Type - - - - Misconf ID - - - - Check - - +
+ +
+
+ +
+ + +
+
+
- Message - - - - - - - - - Kubernetes Security Check - KSV048 - Manage Kubernetes workloads and pods - MEDIUM - ClusterRole 'system:controller:statefulset-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
- - - - -
-

ClusterRole/system:controller:ttl-after-finished-controller

- - - - - - - + - - - - - - - - - - - +
+

ClusterRole/system:aggregate-to-admin

+
+
+
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:ttl-after-finished-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
+ + + + + + + + + + + + + + + + + + + -
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
Kubernetes Security Check KSV050Manage Kubernetes RBAC resourcesCRITICALClusterRole 'system:aggregate-to-admin' should not have access to resources ["roles", "rolebindings"] for verbs ["create", "update", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv050 +
+
-
-

ClusterRole/system:kube-controller-manager

-
- - - - - -
Type - - - - Misconf ID - - - - Check - - +
+ +
+
+ +
+ + +
+
+
- Message - - - - - - - - - Kubernetes Security Check - KSV041 - Manage secrets - CRITICAL - ClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets' -
- https://avd.aquasec.com/misconfig/ksv041 -
- - - - Kubernetes Security Check - KSV041 - Manage secrets - CRITICAL - ClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets' -
- https://avd.aquasec.com/misconfig/ksv041 -
- - - - Kubernetes Security Check - KSV041 - Manage secrets - CRITICAL - ClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets' -
- https://avd.aquasec.com/misconfig/ksv041 -
- - - - Kubernetes Security Check - KSV041 - Manage secrets - CRITICAL - ClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets' -
- https://avd.aquasec.com/misconfig/ksv041 -
- - - - Kubernetes Security Check - KSV046 - Manage all resources - CRITICAL - ClusterRole 'system:kube-controller-manager' shouldn't manage all resources -
- https://avd.aquasec.com/misconfig/ksv046 -
- - - - -
-

ClusterRole/system:kube-scheduler

- - - - - - - + - - - - - - - - - - - +
+

ClusterRole/system:aggregate-to-edit

+
+
+
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:kube-scheduler' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
-
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
Kubernetes Security Check KSV041Manage secretsCRITICALClusterRole 'system:aggregate-to-edit' shouldn't have access to manage resource 'secrets' +
+ https://avd.aquasec.com/misconfig/ksv041 +
+
Kubernetes Security Check KSV041Manage secretsCRITICALClusterRole 'system:aggregate-to-edit' shouldn't have access to manage resource 'secrets' +
+ https://avd.aquasec.com/misconfig/ksv041 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:aggregate-to-edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:aggregate-to-edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:aggregate-to-edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:aggregate-to-edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:aggregate-to-edit' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV049Manage configmapsMEDIUMClusterRole 'system:aggregate-to-edit' should not have access to resource 'configmaps' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv049 +
+
Kubernetes Security Check KSV053Exec into PodsHIGHClusterRole 'system:aggregate-to-edit' should not have access to resource '["pods/exec"]' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv053 +
+
Kubernetes Security Check KSV056Manage Kubernetes networkingHIGHClusterRole 'system:aggregate-to-edit' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv056 +
+
Kubernetes Security Check KSV056Manage Kubernetes networkingHIGHClusterRole 'system:aggregate-to-edit' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv056 +
+
Kubernetes Security Check KSV056Manage Kubernetes networkingHIGHClusterRole 'system:aggregate-to-edit' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv056 +
+
-
-

ClusterRole/system:node

-
- - - - - -
Type - - - - Misconf ID - - - - Check - - +
+ +
+
+ +
+ + +
+
+
- Message - - - - - - - - - Kubernetes Security Check - KSV041 - Manage secrets - CRITICAL - ClusterRole 'system:node' shouldn't have access to manage resource 'secrets' -
- https://avd.aquasec.com/misconfig/ksv041 -
- - - - Kubernetes Security Check - KSV048 - Manage Kubernetes workloads and pods - MEDIUM - ClusterRole 'system:node' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv048 -
- - - - -
-

ClusterRoleBinding/cluster-admin

- - - - - - - + + + +
- - - - - - - - - - - + + + +
+

ClusterRole/system:controller:deployment-controller

+
+
+
Type - - + + +
+

ClusterRole/system:controller:cronjob-controller

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:cronjob-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:cronjob-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:cronjob-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
+ +
+
+ +
+
Misconf ID - - + + Check - - + + + +
+ + + + +
+

ClusterRole/system:controller:daemon-set-controller

+
+
+ + + + + + + + + + + + + + + + + + + + + +
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:daemon-set-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
+ +
+
+ +
+
Severity - - + + Message - - - -
Kubernetes Security CheckKSV111User with admin accessMEDIUMClusterRoleBinding 'cluster-admin' should not bind to roles ["cluster-admin", "admin", "edit"] -
- https://avd.aquasec.com/misconfig/ksv111 -
-
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:deployment-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:deployment-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:deployment-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
-
-

ClusterRoleBinding/kubeadm:cluster-admins

-
- - - - - - - +
Type - - - - Misconf ID - - - - Check - - - - Severity - - - -
- Message - - +
+
+ +
+ + +
+
+
- Message - - - - - - - - - Kubernetes Security Check - KSV113 - Manage namespace secrets - MEDIUM - Role 'system:controller:bootstrap-signer' shouldn't have access to manage secrets in namespace 'kube-system' -
- https://avd.aquasec.com/misconfig/ksv113 -
- - - - -
-

Role/system:controller:cloud-provider

- - - - - - - + - - - - - - - - - - - +
+

ClusterRole/system:controller:expand-controller

+
+
+
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV049Manage configmapsMEDIUMRole 'system:controller:cloud-provider' should not have access to resource 'configmaps' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] -
- https://avd.aquasec.com/misconfig/ksv049 -
-
+ + + + + + + + + + + + + + + + + + + -
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
Kubernetes Security Check KSV041Manage secretsCRITICALClusterRole 'system:controller:expand-controller' shouldn't have access to manage resource 'secrets' +
+ https://avd.aquasec.com/misconfig/ksv041 +
+
-
-

Role/system:controller:token-cleaner

-
- - - - - -
Type - - - - Misconf ID - - - - Check - - +
+ +
+
+ +
+ + +
+
+
- Message - - - - - - - - - Kubernetes Security Check - KSV113 - Manage namespace secrets - MEDIUM - Role 'system:controller:token-cleaner' shouldn't have access to manage secrets in namespace 'kube-system' -
- https://avd.aquasec.com/misconfig/ksv113 -
- - - - -
-

Service/kube-dns

- - - - - - - + - - - - - - - - - - - +
+

ClusterRole/system:controller:generic-garbage-collector

+
+
+
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Kubernetes Security CheckKSV037User Pods should not be placed in kube-system namespaceMEDIUMService 'kube-dns' should not be set with 'kube-system' namespace -
- https://avd.aquasec.com/misconfig/ksv037 -
-
+ + + + + + + + + + + + + + + + + + + -
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
Kubernetes Security Check KSV046Manage all resourcesCRITICALClusterRole 'system:controller:generic-garbage-collector' shouldn't manage all resources +
+ https://avd.aquasec.com/misconfig/ksv046 +
+
-
-

Deployment/local-path-provisioner

-
- - - - - -
Type - - - - Misconf ID - - - - Check - - +
+ +
+
+ +
+ + +
+
+
- Message - - - - - - - - - Kubernetes Security Check - KSV001 - Can elevate its own privileges - MEDIUM - Container 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'securityContext.allowPrivilegeEscalation' to false -
- https://avd.aquasec.com/misconfig/ksv001 -
- - - - Kubernetes Security Check - KSV003 - Default capabilities: some containers do not drop all - LOW - Container 'local-path-provisioner' of Deployment 'local-path-provisioner' should add 'ALL' to 'securityContext.capabilities.drop' -
- https://avd.aquasec.com/misconfig/ksv003 -
- - - - Kubernetes Security Check - KSV011 - CPU not limited - LOW - Container 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'resources.limits.cpu' -
- https://avd.aquasec.com/misconfig/ksv011 -
- - - - Kubernetes Security Check - KSV012 - Runs as root user - MEDIUM - Container 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'securityContext.runAsNonRoot' to true -
- https://avd.aquasec.com/misconfig/ksv012 -
- - - - Kubernetes Security Check - KSV014 - Root file system is not read-only - HIGH - Container 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'securityContext.readOnlyRootFilesystem' to true -
- https://avd.aquasec.com/misconfig/ksv014 -
- - - - Kubernetes Security Check - KSV015 - CPU requests not specified - LOW - Container 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'resources.requests.cpu' -
- https://avd.aquasec.com/misconfig/ksv015 -
- - - - Kubernetes Security Check - KSV016 - Memory requests not specified - LOW - Container 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'resources.requests.memory' -
- https://avd.aquasec.com/misconfig/ksv016 -
- - - - Kubernetes Security Check - KSV018 - Memory not limited - LOW - Container 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'resources.limits.memory' -
- https://avd.aquasec.com/misconfig/ksv018 -
- - - - Kubernetes Security Check - KSV020 - Runs with UID <= 10000 - LOW - Container 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'securityContext.runAsUser' > 10000 -
- https://avd.aquasec.com/misconfig/ksv020 -
- - - - Kubernetes Security Check - KSV021 - Runs with GID <= 10000 - LOW - Container 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'securityContext.runAsGroup' > 10000 -
- https://avd.aquasec.com/misconfig/ksv021 -
- - - - Kubernetes Security Check - KSV030 - Runtime/Default Seccomp profile not set - LOW - Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault' -
- https://avd.aquasec.com/misconfig/ksv030 -
- - - - Kubernetes Security Check - KSV104 - Seccomp policies disabled - MEDIUM - container "local-path-provisioner" of deployment "local-path-provisioner" in "local-path-storage" namespace should specify a seccomp profile -
- https://avd.aquasec.com/misconfig/ksv104 -
- - - - Kubernetes Security Check - KSV106 - Container capabilities must only include NET_BIND_SERVICE - LOW - container should drop all -
- https://avd.aquasec.com/misconfig/ksv106 -
- - - - -
-

registry.k8s.io/coredns/coredns:v1.11.3 (debian 11.10)

- + + +
+

ClusterRole/system:controller:horizontal-pod-autoscaler

+
+
+
- - - - - - + - - - - - - - - - + + + + + + - + + + + + + + +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
tzdataDLA-3972-1UNKNOWN2024a-0+deb11u12024b-0+deb11u1
Kubernetes Security Check KSV046Manage all resourcesCRITICALClusterRole 'system:controller:horizontal-pod-autoscaler' shouldn't manage all resources +
+ https://avd.aquasec.com/misconfig/ksv046 +
Kubernetes Security Check KSV046Manage all resourcesCRITICALClusterRole 'system:controller:horizontal-pod-autoscaler' shouldn't manage all resources +
+ https://avd.aquasec.com/misconfig/ksv046 +
+
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

ClusterRole/system:controller:job-controller

+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + - + + + + + + + +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
base-files@11.1+deb11u10base-files11.1+deb11u10base-files11.1+deb11u10
netbase@6.3netbase6.3netbase6.3
tzdata@2024a-0+deb11u1tzdata2024atzdata2024a
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:job-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:job-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
-
-

coredns

+ +
+
+ +
+ + +
+
+
+
- + + +
+

ClusterRole/system:controller:legacy-service-account-token-cleaner

+
+
+
- - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + - +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
github.com/golang-jwt/jwt/v4CVE-2024-51744LOWv4.5.04.5.1
github.com/quic-go/quic-goCVE-2024-53259MEDIUMv0.44.00.48.2
stdlibCVE-2024-34156HIGHv1.21.111.22.7, 1.23.1
stdlibCVE-2024-24791MEDIUMv1.21.111.21.12, 1.22.5
stdlibCVE-2024-34155MEDIUMv1.21.111.22.7, 1.23.1
stdlibCVE-2024-34158MEDIUMv1.21.111.22.7, 1.23.1
Kubernetes Security Check KSV041Manage secretsCRITICALClusterRole 'system:controller:legacy-service-account-token-cleaner' shouldn't have access to manage resource 'secrets' +
+ https://avd.aquasec.com/misconfig/ksv041 +
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

ClusterRole/system:controller:namespace-controller

+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + - +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
github.com/coredns/coredns
stdlibv1.21.11
cloud.google.com/go/compute/metadatav0.2.3
github.com/Azure/azure-sdk-for-gov68.0.0+incompatible
github.com/Azure/go-autorest/autorestv0.11.29
github.com/Azure/go-autorest/autorest/adalv0.9.22
github.com/Azure/go-autorest/autorest/azure/authv0.5.13
github.com/Azure/go-autorest/autorest/azure/cliv0.4.6
github.com/Azure/go-autorest/autorest/datev0.3.0
github.com/Azure/go-autorest/autorest/tov0.2.0
github.com/Azure/go-autorest/loggerv0.2.1
github.com/Azure/go-autorest/tracingv0.6.0
github.com/DataDog/appsec-internal-gov1.5.0
github.com/DataDog/datadog-agent/pkg/obfuscatev0.48.0
github.com/DataDog/datadog-agent/pkg/remoteconfig/statev0.48.1
github.com/DataDog/datadog-go/v5v5.3.0
github.com/DataDog/go-libddwaf/v2v2.4.2
github.com/DataDog/go-tufv1.0.2-0.5.2
github.com/DataDog/sketches-gov1.4.2
github.com/antonmedv/exprv1.15.5
github.com/apparentlymart/go-cidrv1.1.0
github.com/aws/aws-sdk-gov1.54.11
github.com/beorn7/perksv1.0.1
github.com/cespare/xxhash/v2v2.2.0
github.com/coredns/caddyv1.1.1
github.com/coreos/go-semverv0.3.0
github.com/coreos/go-systemd/v22v22.3.2
github.com/davecgh/go-spewv1.1.2-0.20180830191138-d8f796af33cc
github.com/dimchansky/utfbomv1.1.1
github.com/dnstap/golang-dnstapv0.4.0
github.com/dustin/go-humanizev1.0.1
github.com/emicklei/go-restful/v3v3.11.0
github.com/farsightsec/golang-framestreamv0.3.0
github.com/felixge/httpsnoopv1.0.4
github.com/flynn/go-shlexv0.0.0-20150515145356-3f9db97f8568
github.com/go-logr/logrv1.4.1
github.com/go-logr/stdrv1.2.2
github.com/go-openapi/jsonpointerv0.19.6
github.com/go-openapi/jsonreferencev0.20.2
github.com/go-openapi/swagv0.22.3
github.com/gogo/protobufv1.3.2
github.com/golang-jwt/jwt/v4v4.5.0
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/gnostic-modelsv0.6.8
github.com/google/go-cmpv0.6.0
github.com/google/gofuzzv1.2.0
github.com/google/s2a-gov0.1.7
github.com/google/uuidv1.6.0
github.com/googleapis/enterprise-certificate-proxyv0.3.2
github.com/googleapis/gax-go/v2v2.12.3
github.com/grpc-ecosystem/grpc-opentracingv0.0.0-20180507213350-8e809c8a8645
github.com/hashicorp/errwrapv1.1.0
github.com/hashicorp/go-multierrorv1.1.1
github.com/imdario/mergov0.3.12
github.com/infobloxopen/go-treesv0.0.0-20200715205103-96a057b8dfb9
github.com/jmespath/go-jmespathv0.4.0
github.com/josharian/internv1.0.0
github.com/json-iterator/gov1.1.12
github.com/mailru/easyjsonv0.7.7
github.com/matttproud/golang_protobuf_extensionsv1.0.4
github.com/miekg/dnsv1.1.59
github.com/mitchellh/go-homedirv1.1.0
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.2
github.com/munnerz/goautonegv0.0.0-20191010083416-a7dc8b61c822
github.com/opentracing-contrib/go-observerv0.0.0-20170622124052-a52f23424492
github.com/opentracing/opentracing-gov1.2.0
github.com/openzipkin-contrib/zipkin-go-opentracingv0.5.0
github.com/openzipkin/zipkin-gov0.4.3
github.com/oschwald/geoip2-golangv1.9.0
github.com/oschwald/maxminddb-golangv1.11.0
github.com/outcaste-io/ristrettov0.2.3
github.com/philhofer/fwdv1.1.2
github.com/pkg/errorsv0.9.1
github.com/prometheus/client_golangv1.19.1
github.com/prometheus/client_modelv0.6.1
github.com/prometheus/commonv0.53.0
github.com/prometheus/procfsv0.12.0
github.com/quic-go/quic-gov0.44.0
github.com/secure-systems-lab/go-securesystemslibv0.7.0
github.com/spf13/pflagv1.0.5
github.com/tinylib/msgpv1.1.8
go.etcd.io/etcd/api/v3v3.5.13
go.etcd.io/etcd/client/pkg/v3v3.5.13
go.etcd.io/etcd/client/v3v3.5.13
go.opencensus.iov0.24.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttpv0.49.0
go.opentelemetry.io/otelv1.24.0
go.opentelemetry.io/otel/metricv1.24.0
go.opentelemetry.io/otel/tracev1.24.0
go.uber.org/atomicv1.11.0
go.uber.org/multierrv1.6.0
go.uber.org/zapv1.17.0
golang.org/x/cryptov0.23.0
golang.org/x/expv0.0.0-20240506185415-9bf2ced13842
golang.org/x/netv0.25.0
golang.org/x/oauth2v0.18.0
golang.org/x/sysv0.20.0
golang.org/x/termv0.20.0
golang.org/x/textv0.15.0
golang.org/x/timev0.5.0
golang.org/x/xerrorsv0.0.0-20220907171357-04be3eba64a2
google.golang.org/apiv0.172.0
google.golang.org/genproto/googleapis/apiv0.0.0-20240311132316-a219d84964c2
google.golang.org/genproto/googleapis/rpcv0.0.0-20240415180920-8c6c420018be
google.golang.org/grpcv1.63.2
google.golang.org/protobufv1.33.0
gopkg.in/DataDog/dd-trace-go.v1v1.64.0
gopkg.in/inf.v0v0.9.1
gopkg.in/yaml.v2v2.4.0
gopkg.in/yaml.v3v3.0.1
k8s.io/apiv0.29.3
k8s.io/apimachineryv0.29.3
k8s.io/client-gov0.29.3
k8s.io/klog/v2v2.120.1
k8s.io/kube-openapiv0.0.0-20231010175941-2dd684a91f00
k8s.io/utilsv0.0.0-20230726121419-3b25d923346b
sigs.k8s.io/jsonv0.0.0-20221116044647-bc3834ca7abd
sigs.k8s.io/structured-merge-diff/v4v4.4.1
sigs.k8s.io/yamlv1.3.0
Kubernetes Security Check KSV046Manage all resourcesCRITICALClusterRole 'system:controller:namespace-controller' shouldn't manage all resources +
+ https://avd.aquasec.com/misconfig/ksv046 +
+
-
-

usr/local/bin/kube-scheduler

+ +
+
+ +
+ + +
+
+
+
- + + +
+

ClusterRole/system:controller:node-controller

+
+
+
- - - - - - + - - - - - + + + + + + - - - - +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
github.com/opencontainers/runcCVE-2024-45310
Kubernetes Security Check KSV048Manage Kubernetes workloads and pods MEDIUMv1.1.131.1.14, 1.2.0-rc.3ClusterRole 'system:controller:node-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

ClusterRole/system:controller:persistent-volume-binder

+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
k8s.io/kubernetes
stdlibv1.22.8
github.com/NYTimes/gziphandlerv1.1.1
github.com/antlr4-go/antlr/v4v4.13.0
github.com/asaskevich/govalidatorv0.0.0-20190424111038-f61b66f89f4a
github.com/beorn7/perksv1.0.1
github.com/blang/semver/v4v4.0.0
github.com/cenkalti/backoff/v4v4.3.0
github.com/cespare/xxhash/v2v2.3.0
github.com/coreos/go-semverv0.3.1
github.com/coreos/go-systemd/v22v22.5.0
github.com/davecgh/go-spewv1.1.2-0.20180830191138-d8f796af33cc
github.com/distribution/referencev0.5.0
github.com/emicklei/go-restful/v3v3.11.0
github.com/felixge/httpsnoopv1.0.4
github.com/fsnotify/fsnotifyv1.7.0
github.com/fxamacker/cbor/v2v2.7.0
github.com/go-logr/logrv1.4.2
github.com/go-logr/stdrv1.2.2
github.com/go-logr/zaprv1.3.0
github.com/go-openapi/jsonpointerv0.19.6
github.com/go-openapi/jsonreferencev0.20.2
github.com/go-openapi/swagv0.22.4
github.com/gogo/protobufv1.3.2
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/cel-gov0.20.1
github.com/google/gnostic-modelsv0.6.8
github.com/google/go-cmpv0.6.0
github.com/google/gofuzzv1.2.0
github.com/google/uuidv1.6.0
github.com/grpc-ecosystem/go-grpc-prometheusv1.2.0
github.com/grpc-ecosystem/grpc-gateway/v2v2.20.0
github.com/imdario/mergov0.3.6
github.com/josharian/internv1.0.0
github.com/json-iterator/gov1.1.12
github.com/mailru/easyjsonv0.7.7
github.com/moby/sys/mountinfov0.7.1
github.com/moby/termv0.5.0
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.2
github.com/munnerz/goautonegv0.0.0-20191010083416-a7dc8b61c822
github.com/opencontainers/go-digestv1.0.0
github.com/opencontainers/runcv1.1.13
github.com/opencontainers/selinuxv1.11.0
github.com/pkg/errorsv0.9.1
github.com/prometheus/client_golangv1.19.1
github.com/prometheus/client_modelv0.6.1
github.com/prometheus/commonv0.55.0
github.com/prometheus/procfsv0.15.1
github.com/spf13/cobrav1.8.1
github.com/spf13/pflagv1.0.5
github.com/stoewer/go-strcasev1.2.0
github.com/x448/float16v0.8.4
go.etcd.io/etcd/api/v3v3.5.14
go.etcd.io/etcd/client/pkg/v3v3.5.14
go.etcd.io/etcd/client/v3v3.5.14
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.53.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttpv0.53.0
go.opentelemetry.io/otelv1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptracev1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpcv1.27.0
go.opentelemetry.io/otel/metricv1.28.0
go.opentelemetry.io/otel/sdkv1.28.0
go.opentelemetry.io/otel/tracev1.28.0
go.opentelemetry.io/proto/otlpv1.3.1
go.uber.org/multierrv1.11.0
go.uber.org/zapv1.26.0
golang.org/x/cryptov0.24.0
golang.org/x/expv0.0.0-20230515195305-f3d0a9c9a5cc
golang.org/x/netv0.26.0
golang.org/x/oauth2v0.21.0
golang.org/x/syncv0.7.0
golang.org/x/sysv0.21.0
golang.org/x/termv0.21.0
golang.org/x/textv0.16.0
golang.org/x/timev0.3.0
google.golang.org/genproto/googleapis/apiv0.0.0-20240528184218-531527333157
google.golang.org/genproto/googleapis/rpcv0.0.0-20240701130421-f6361c86f094
google.golang.org/grpcv1.65.0
google.golang.org/protobufv1.34.2
gopkg.in/evanphx/json-patch.v4v4.12.0
gopkg.in/inf.v0v0.9.1
gopkg.in/natefinch/lumberjack.v2v2.2.1
gopkg.in/yaml.v2v2.4.0
gopkg.in/yaml.v3v3.0.1
k8s.io/api
k8s.io/apiextensions-apiserver
k8s.io/apimachinery
k8s.io/apiserver
k8s.io/client-go
k8s.io/cloud-provider
k8s.io/component-base
k8s.io/component-helpers
k8s.io/controller-manager
k8s.io/csi-translation-lib
k8s.io/dynamic-resource-allocation
k8s.io/klog/v2v2.130.1
k8s.io/kms
k8s.io/kube-openapiv0.0.0-20240228011516-70dd3763d340
k8s.io/kube-scheduler
k8s.io/kubelet
k8s.io/mount-utils
k8s.io/utilsv0.0.0-20240711033017-18e509b52bc8
sigs.k8s.io/apiserver-network-proxy/konnectivity-clientv0.30.3
sigs.k8s.io/jsonv0.0.0-20221116044647-bc3834ca7abd
sigs.k8s.io/structured-merge-diff/v4v4.4.1
sigs.k8s.io/yamlv1.4.0
Kubernetes Security Check KSV041Manage secretsCRITICALClusterRole 'system:controller:persistent-volume-binder' shouldn't have access to manage resource 'secrets' +
+ https://avd.aquasec.com/misconfig/ksv041 +
+
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:persistent-volume-binder' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
Kubernetes Security Check KSV056Manage Kubernetes networkingHIGHClusterRole 'system:controller:persistent-volume-binder' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv056 +
+
Kubernetes Security Check KSV056Manage Kubernetes networkingHIGHClusterRole 'system:controller:persistent-volume-binder' should not have access to resources ["services", "endpoints", "endpointslices", "networkpolicies", "ingresses"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv056 +
+
-
-

docker.io/kindest/kindnetd:v20241023-a345ebe4 (debian 12.5)

+ +
+
+ +
+ + +
+
+
+
- + + +
+

ClusterRole/system:controller:pod-garbage-collector

+
+
+
- - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + - - - - - - - - - - + +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
coreutilsCVE-2016-2781LOW9.1-1
coreutilsCVE-2017-18018LOW9.1-1
iptablesCVE-2012-2663LOW1.8.9-2
libc6CVE-2010-4756LOW2.36-9+deb12u7
libc6CVE-2018-20796LOW2.36-9+deb12u7
libc6CVE-2019-1010022LOW2.36-9+deb12u7
libc6CVE-2019-1010023LOW2.36-9+deb12u7
libc6CVE-2019-1010024LOW2.36-9+deb12u7
libc6CVE-2019-1010025LOW2.36-9+deb12u7
libc6CVE-2019-9192LOW2.36-9+deb12u7
libip4tc2CVE-2012-2663LOW1.8.9-2
libip6tc2CVE-2012-2663LOW1.8.9-2
libjansson4CVE-2020-36325LOW2.14-2
libssl3CVE-2023-5678MEDIUM3.0.11-1~deb12u23.0.13-1~deb12u1
libssl3CVE-2023-6129
Kubernetes Security Check KSV048Manage Kubernetes workloads and pods MEDIUM3.0.11-1~deb12u23.0.13-1~deb12u1ClusterRole 'system:controller:pod-garbage-collector' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
libssl3CVE-2023-6237MEDIUM3.0.11-1~deb12u23.0.13-1~deb12u1
+ +
+
+ +
+ + +
+
+
+ +
+
+ +
+

ClusterRole/system:controller:replicaset-controller

+
+
+ + + + + + + + + + - - - + + + + + + - - - - - - + + + + - - - - - - - - - - + +
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
libssl3CVE-2024-0727
Kubernetes Security Check KSV048Manage Kubernetes workloads and pods MEDIUM3.0.11-1~deb12u23.0.13-1~deb12u1ClusterRole 'system:controller:replicaset-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
libssl3CVE-2024-4603
Kubernetes Security Check KSV048Manage Kubernetes workloads and pods MEDIUM3.0.11-1~deb12u23.0.14-1~deb12u1ClusterRole 'system:controller:replicaset-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
libssl3CVE-2024-4741MEDIUM3.0.11-1~deb12u23.0.14-1~deb12u1
+ +
+
+ +
+ + +
+
+
+ +
+
+ +
+

ClusterRole/system:controller:replication-controller

+
+
+ + + + + + + + + + - - - + + + + + + - - - - - - + + + + - - - - - - - - - - - - - - - - - - + +
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
libssl3CVE-2024-5535
Kubernetes Security Check KSV048Manage Kubernetes workloads and pods MEDIUM3.0.11-1~deb12u23.0.15-1~deb12u1ClusterRole 'system:controller:replication-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
libssl3CVE-2024-6119
Kubernetes Security Check KSV048Manage Kubernetes workloads and pods MEDIUM3.0.11-1~deb12u23.0.14-1~deb12u2
libssl3CVE-2024-2511LOW3.0.11-1~deb12u23.0.14-1~deb12u1ClusterRole 'system:controller:replication-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
libssl3CVE-2024-9143LOW3.0.11-1~deb12u23.0.15-1~deb12u1
+ +
+
+ +
+ + +
+
+
+ +
+
+ +
+

ClusterRole/system:controller:resourcequota-controller

+
+
+ + + + + + + + + + - - - - - - - + + + + + + + - +
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
libxtables12CVE-2012-2663LOW1.8.9-2
Kubernetes Security Check KSV046Manage all resourcesCRITICALClusterRole 'system:controller:resourcequota-controller' shouldn't manage all resources +
+ https://avd.aquasec.com/misconfig/ksv046 +
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

ClusterRole/system:controller:root-ca-cert-publisher

+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + - +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
base-files@12.4+deb12u5base-files12.4+deb12u5base-files12.4+deb12u5
conntrack@1:1.4.7-1+b2conntrack1.4.7conntrack-tools1.4.7
coreutils@9.1-1coreutils9.1coreutils9.1
ebtables@2.0.11-5ebtables2.0.11ebtables2.0.11
ipset@7.17-1ipset7.17ipset7.17
iptables@1.8.9-2iptables1.8.9iptables1.8.9
kmod@30+20221128-1kmod30+20221128kmod30+20221128
libbsd0@0.11.7-2libbsd00.11.7libbsd0.11.7
libc6@2.36-9+deb12u7libc62.36glibc2.36
libedit2@3.1-20221030-2libedit23.1-20221030libedit3.1-20221030
libgmp10@2:6.2.1+dfsg1-1.1libgmp106.2.1+dfsg1gmp6.2.1+dfsg1
libip4tc2@1.8.9-2libip4tc21.8.9iptables1.8.9
libip6tc2@1.8.9-2libip6tc21.8.9iptables1.8.9
libipset13@7.17-1libipset137.17ipset7.17
libjansson4@2.14-2libjansson42.14jansson2.14
libkmod2@30+20221128-1libkmod230+20221128kmod30+20221128
libmd0@1.0.4-2libmd01.0.4libmd1.0.4
libmnl0@1.0.4-3libmnl01.0.4libmnl1.0.4
libnetfilter-conntrack3@1.0.9-3libnetfilter-conntrack31.0.9libnetfilter-conntrack1.0.9
libnfnetlink0@1.0.2-2libnfnetlink01.0.2libnfnetlink1.0.2
libnftables1@1.0.6-2+deb12u2libnftables11.0.6nftables1.0.6
libnftnl11@1.2.4-2libnftnl111.2.4libnftnl1.2.4
libpcre2-8-0@10.42-1libpcre2-8-010.42pcre210.42
libssl3@3.0.11-1~deb12u2libssl33.0.11openssl3.0.11
libxtables12@1.8.9-2libxtables121.8.9iptables1.8.9
libzstd1@1.5.4+dfsg2-5libzstd11.5.4+dfsg2libzstd1.5.4+dfsg2
netbase@6.4netbase6.4netbase6.4
nftables@1.0.6-2+deb12u2nftables1.0.6nftables1.0.6
tzdata@2024a-0+deb12u1tzdata2024atzdata2024a
Kubernetes Security Check KSV049Manage configmapsMEDIUMClusterRole 'system:controller:root-ca-cert-publisher' should not have access to resource 'configmaps' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv049 +
+
-
-

bin/kindnetd

+ +
+
+ +
+ + +
+
+
+
- + + +
+

ClusterRole/system:controller:statefulset-controller

+
+
+
- - - - - - + - - - - - - - - - - - - - - - - - - - - - + + + + + + - - - - +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
stdlibCVE-2024-34156HIGHv1.22.61.22.7, 1.23.1
stdlibCVE-2024-34155MEDIUMv1.22.61.22.7, 1.23.1
stdlibCVE-2024-34158
Kubernetes Security Check KSV048Manage Kubernetes workloads and pods MEDIUMv1.22.61.22.7, 1.23.1ClusterRole 'system:controller:statefulset-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

ClusterRole/system:controller:ttl-after-finished-controller

+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + - +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
sigs.k8s.io/kind/images/kindnetd
stdlibv1.22.6
github.com/beorn7/perksv1.0.1
github.com/cespare/xxhash/v2v2.3.0
github.com/coreos/go-iptablesv0.8.0
github.com/davecgh/go-spewv1.1.2-0.20180830191138-d8f796af33cc
github.com/emicklei/go-restful/v3v3.12.1
github.com/florianl/go-nfqueuev1.3.2
github.com/fxamacker/cbor/v2v2.7.0
github.com/go-logr/logrv1.4.2
github.com/go-openapi/jsonpointerv0.21.0
github.com/go-openapi/jsonreferencev0.21.0
github.com/go-openapi/swagv0.23.0
github.com/gogo/protobufv1.3.2
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/gnostic-modelsv0.6.8
github.com/google/go-cmpv0.6.0
github.com/google/gofuzzv1.2.0
github.com/google/uuidv1.6.0
github.com/josharian/internv1.0.0
github.com/josharian/nativev1.1.0
github.com/json-iterator/gov1.1.12
github.com/mailru/easyjsonv0.7.7
github.com/mdlayher/netlinkv1.7.2
github.com/mdlayher/socketv0.5.1
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.2
github.com/munnerz/goautonegv0.0.0-20191010083416-a7dc8b61c822
github.com/prometheus/client_golangv1.20.5
github.com/prometheus/client_modelv0.6.1
github.com/prometheus/commonv0.60.0
github.com/prometheus/procfsv0.15.1
github.com/vishvananda/netlinkv1.3.0
github.com/vishvananda/netnsv0.0.4
github.com/x448/float16v0.8.4
golang.org/x/netv0.30.0
golang.org/x/oauth2v0.23.0
golang.org/x/syncv0.8.0
golang.org/x/sysv0.26.0
golang.org/x/termv0.25.0
golang.org/x/textv0.19.0
golang.org/x/timev0.7.0
google.golang.org/protobufv1.35.1
gopkg.in/inf.v0v0.9.1
gopkg.in/yaml.v2v2.4.0
gopkg.in/yaml.v3v3.0.1
k8s.io/apiv0.31.1
k8s.io/apimachineryv0.31.1
k8s.io/client-gov0.31.1
k8s.io/klog/v2v2.130.1
k8s.io/kube-openapiv0.0.0-20240903163716-9e1beecbcb38
k8s.io/utilsv0.0.0-20240921022957-49e7df575cb6
sigs.k8s.io/jsonv0.0.0-20221116044647-bc3834ca7abd
sigs.k8s.io/knftablesv0.0.17
sigs.k8s.io/kube-network-policiesv0.6.1-0.20241023163654-4320aa92e3f0
sigs.k8s.io/network-policy-apiv0.1.5
sigs.k8s.io/structured-merge-diff/v4v4.4.1
sigs.k8s.io/yamlv1.4.0
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:controller:ttl-after-finished-controller' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
-
-

go-runner

+ +
+
+ +
+ + +
+
+
+
- + + +
+

ClusterRole/system:kube-controller-manager

+
+
+
- - - - - - + - - - - - - - - - + + + + + + - - - - - - - + + + + + - - - - - - - + + + + + - - - - - - - + + + + + - + + + + + + + +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
stdlibCVE-2024-34156HIGHv1.22.41.22.7, 1.23.1
Kubernetes Security Check KSV041Manage secretsCRITICALClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets' +
+ https://avd.aquasec.com/misconfig/ksv041 +
stdlibCVE-2024-24791MEDIUMv1.22.41.21.12, 1.22.5
Kubernetes Security Check KSV041Manage secretsCRITICALClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets' +
+ https://avd.aquasec.com/misconfig/ksv041 +
stdlibCVE-2024-34155MEDIUMv1.22.41.22.7, 1.23.1
Kubernetes Security Check KSV041Manage secretsCRITICALClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets' +
+ https://avd.aquasec.com/misconfig/ksv041 +
stdlibCVE-2024-34158MEDIUMv1.22.41.22.7, 1.23.1
Kubernetes Security Check KSV041Manage secretsCRITICALClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets' +
+ https://avd.aquasec.com/misconfig/ksv041 +
Kubernetes Security Check KSV046Manage all resourcesCRITICALClusterRole 'system:kube-controller-manager' shouldn't manage all resources +
+ https://avd.aquasec.com/misconfig/ksv046 +
+
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

ClusterRole/system:kube-scheduler

+
+
+
- - - - - - - - - - - - - - - - - - - - + + + + + + + + - +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
k8s.io/release/images/build/go-runner
stdlibv1.22.4
Kubernetes Security Check KSV048Manage Kubernetes workloads and podsMEDIUMClusterRole 'system:kube-scheduler' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
+
-
-

registry.k8s.io/kube-proxy:v1.31.2 (debian 12.7)

+ +
+
+ +
+ + +
+
+
+
- + + +
+

ClusterRole/system:node

+
+
+
- - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + - - - + + + + - - - - - - - - - - - - - - - - - - - - +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
coreutilsCVE-2016-2781LOW9.1-1
coreutilsCVE-2017-18018LOW9.1-1
iptablesCVE-2012-2663LOW1.8.9-2
libc6CVE-2010-4756LOW2.36-9+deb12u8
libc6CVE-2018-20796LOW2.36-9+deb12u8
libc6CVE-2019-1010022LOW2.36-9+deb12u8
libc6CVE-2019-1010023LOW2.36-9+deb12u8
libc6CVE-2019-1010024LOW2.36-9+deb12u8
libc6CVE-2019-1010025LOW2.36-9+deb12u8
libc6CVE-2019-9192LOW2.36-9+deb12u8
libip4tc2CVE-2012-2663LOW1.8.9-2
libip6tc2CVE-2012-2663LOW1.8.9-2
libjansson4CVE-2020-36325LOW2.14-2
Kubernetes Security Check KSV041Manage secretsCRITICALClusterRole 'system:node' shouldn't have access to manage resource 'secrets' +
+ https://avd.aquasec.com/misconfig/ksv041 +
libssl3CVE-2024-5535
Kubernetes Security Check KSV048Manage Kubernetes workloads and pods MEDIUM3.0.14-1~deb12u23.0.15-1~deb12u1
libssl3CVE-2024-9143LOW3.0.14-1~deb12u23.0.15-1~deb12u1ClusterRole 'system:node' should not have access to resources ["pods", "deployments", "jobs", "cronjobs", "statefulsets", "daemonsets", "replicasets", "replicationcontrollers"] for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv048 +
libxtables12CVE-2012-2663LOW1.8.9-2
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

ClusterRoleBinding/cluster-admin

+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + - +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
base-files@12.4+deb12u7base-files12.4+deb12u7base-files12.4+deb12u7
conntrack@1:1.4.7-1+b2conntrack1.4.7conntrack-tools1.4.7
coreutils@9.1-1coreutils9.1coreutils9.1
ebtables@2.0.11-5ebtables2.0.11ebtables2.0.11
ipset@7.17-1ipset7.17ipset7.17
iptables@1.8.9-2iptables1.8.9iptables1.8.9
kmod@30+20221128-1kmod30+20221128kmod30+20221128
libbsd0@0.11.7-2libbsd00.11.7libbsd0.11.7
libc6@2.36-9+deb12u8libc62.36glibc2.36
libedit2@3.1-20221030-2libedit23.1-20221030libedit3.1-20221030
libgmp10@2:6.2.1+dfsg1-1.1libgmp106.2.1+dfsg1gmp6.2.1+dfsg1
libip4tc2@1.8.9-2libip4tc21.8.9iptables1.8.9
libip6tc2@1.8.9-2libip6tc21.8.9iptables1.8.9
libipset13@7.17-1libipset137.17ipset7.17
libjansson4@2.14-2libjansson42.14jansson2.14
libkmod2@30+20221128-1libkmod230+20221128kmod30+20221128
libmd0@1.0.4-2libmd01.0.4libmd1.0.4
libmnl0@1.0.4-3libmnl01.0.4libmnl1.0.4
libnetfilter-conntrack3@1.0.9-3libnetfilter-conntrack31.0.9libnetfilter-conntrack1.0.9
libnfnetlink0@1.0.2-2libnfnetlink01.0.2libnfnetlink1.0.2
libnftables1@1.0.6-2+deb12u2libnftables11.0.6nftables1.0.6
libnftnl11@1.2.4-2libnftnl111.2.4libnftnl1.2.4
libpcre2-8-0@10.42-1libpcre2-8-010.42pcre210.42
libssl3@3.0.14-1~deb12u2libssl33.0.14openssl3.0.14
libxtables12@1.8.9-2libxtables121.8.9iptables1.8.9
libzstd1@1.5.4+dfsg2-5libzstd11.5.4+dfsg2libzstd1.5.4+dfsg2
netbase@6.4netbase6.4netbase6.4
nftables@1.0.6-2+deb12u2nftables1.0.6nftables1.0.6
tzdata@2024a-0+deb12u1tzdata2024atzdata2024a
Kubernetes Security Check KSV111User with admin accessMEDIUMClusterRoleBinding 'cluster-admin' should not bind to roles ["cluster-admin", "admin", "edit"] +
+ https://avd.aquasec.com/misconfig/ksv111 +
+
-
-

usr/local/bin/kube-proxy

+ +
+
+ +
+ + +
+
+
+
- + + +
+

ClusterRoleBinding/kubeadm:cluster-admins

+
+
+
- - - - - - + - - - - - + + + + + + - - - - +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
github.com/opencontainers/runcCVE-2024-45310
Kubernetes Security Check KSV111User with admin access MEDIUMv1.1.131.1.14, 1.2.0-rc.3ClusterRoleBinding 'kubeadm:cluster-admins' should not bind to roles ["cluster-admin", "admin", "edit"] +
+ https://avd.aquasec.com/misconfig/ksv111 +
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

NodeInfo/kind-control-plane

+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
k8s.io/kubernetes
stdlibv1.22.8
github.com/NYTimes/gziphandlerv1.1.1
github.com/antlr4-go/antlr/v4v4.13.0
github.com/asaskevich/govalidatorv0.0.0-20190424111038-f61b66f89f4a
github.com/beorn7/perksv1.0.1
github.com/blang/semver/v4v4.0.0
github.com/cenkalti/backoff/v4v4.3.0
github.com/cespare/xxhash/v2v2.3.0
github.com/coreos/go-semverv0.3.1
github.com/coreos/go-systemd/v22v22.5.0
github.com/cyphar/filepath-securejoinv0.2.4
github.com/davecgh/go-spewv1.1.2-0.20180830191138-d8f796af33cc
github.com/distribution/referencev0.5.0
github.com/emicklei/go-restful/v3v3.11.0
github.com/felixge/httpsnoopv1.0.4
github.com/fsnotify/fsnotifyv1.7.0
github.com/fxamacker/cbor/v2v2.7.0
github.com/go-logr/logrv1.4.2
github.com/go-logr/stdrv1.2.2
github.com/go-logr/zaprv1.3.0
github.com/go-openapi/jsonpointerv0.19.6
github.com/go-openapi/jsonreferencev0.20.2
github.com/go-openapi/swagv0.22.4
github.com/godbus/dbus/v5v5.1.0
github.com/gogo/protobufv1.3.2
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/cadvisorv0.49.0
github.com/google/cel-gov0.20.1
github.com/google/gnostic-modelsv0.6.8
github.com/google/go-cmpv0.6.0
github.com/google/gofuzzv1.2.0
github.com/google/uuidv1.6.0
github.com/grpc-ecosystem/go-grpc-prometheusv1.2.0
github.com/grpc-ecosystem/grpc-gateway/v2v2.20.0
github.com/imdario/mergov0.3.6
github.com/josharian/internv1.0.0
github.com/json-iterator/gov1.1.12
github.com/lithammer/dedentv1.1.0
github.com/mailru/easyjsonv0.7.7
github.com/mistifyio/go-zfsv2.1.2-0.20190413222219-f784269be439+incompatible
github.com/moby/ipvsv1.1.0
github.com/moby/sys/mountinfov0.7.1
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.2
github.com/munnerz/goautonegv0.0.0-20191010083416-a7dc8b61c822
github.com/opencontainers/go-digestv1.0.0
github.com/opencontainers/runcv1.1.13
github.com/opencontainers/runtime-specv1.0.3-0.20220909204839-494a5a6aca78
github.com/pkg/errorsv0.9.1
github.com/prometheus/client_golangv1.19.1
github.com/prometheus/client_modelv0.6.1
github.com/prometheus/commonv0.55.0
github.com/prometheus/procfsv0.15.1
github.com/sirupsen/logrusv1.9.3
github.com/spf13/cobrav1.8.1
github.com/spf13/pflagv1.0.5
github.com/stoewer/go-strcasev1.2.0
github.com/vishvananda/netlinkv1.1.0
github.com/vishvananda/netnsv0.0.4
github.com/x448/float16v0.8.4
go.etcd.io/etcd/api/v3v3.5.14
go.etcd.io/etcd/client/pkg/v3v3.5.14
go.etcd.io/etcd/client/v3v3.5.14
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.53.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttpv0.53.0
go.opentelemetry.io/otelv1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptracev1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpcv1.27.0
go.opentelemetry.io/otel/metricv1.28.0
go.opentelemetry.io/otel/sdkv1.28.0
go.opentelemetry.io/otel/tracev1.28.0
go.opentelemetry.io/proto/otlpv1.3.1
go.uber.org/multierrv1.11.0
go.uber.org/zapv1.26.0
golang.org/x/cryptov0.24.0
golang.org/x/expv0.0.0-20230515195305-f3d0a9c9a5cc
golang.org/x/netv0.26.0
golang.org/x/oauth2v0.21.0
golang.org/x/syncv0.7.0
golang.org/x/sysv0.21.0
golang.org/x/termv0.21.0
golang.org/x/textv0.16.0
golang.org/x/timev0.3.0
google.golang.org/genproto/googleapis/apiv0.0.0-20240528184218-531527333157
google.golang.org/genproto/googleapis/rpcv0.0.0-20240701130421-f6361c86f094
google.golang.org/grpcv1.65.0
google.golang.org/protobufv1.34.2
gopkg.in/evanphx/json-patch.v4v4.12.0
gopkg.in/inf.v0v0.9.1
gopkg.in/natefinch/lumberjack.v2v2.2.1
gopkg.in/yaml.v2v2.4.0
gopkg.in/yaml.v3v3.0.1
k8s.io/api
k8s.io/apiextensions-apiserver
k8s.io/apimachinery
k8s.io/apiserver
k8s.io/client-go
k8s.io/cloud-provider
k8s.io/component-base
k8s.io/component-helpers
k8s.io/controller-manager
k8s.io/cri-api
k8s.io/cri-client
k8s.io/klog/v2v2.130.1
k8s.io/kms
k8s.io/kube-openapiv0.0.0-20240228011516-70dd3763d340
k8s.io/kube-proxy
k8s.io/kubelet
k8s.io/mount-utils
k8s.io/utilsv0.0.0-20240711033017-18e509b52bc8
sigs.k8s.io/apiserver-network-proxy/konnectivity-clientv0.30.3
sigs.k8s.io/jsonv0.0.0-20221116044647-bc3834ca7abd
sigs.k8s.io/knftablesv0.0.17
sigs.k8s.io/structured-merge-diff/v4v4.4.1
sigs.k8s.io/yamlv1.4.0
Kubernetes Security Check KCV0056Ensure that the container network interface file permissions are set to 600 or more restrictiveHIGHEnsure that the Container Network Interface specification file permissions is set to 600 or more restrictive +
+ https://avd.aquasec.com/misconfig/kcv0056 +
+
Kubernetes Security Check KCV0059Ensure that the etcd data directory ownership is set to etcd:etcdLOWEnsure that the etcd data directory ownership is set to etcd:etcd +
+ https://avd.aquasec.com/misconfig/kcv0059 +
+
Kubernetes Security Check KCV0069Ensure that the kubelet service file permissions are set to 600 or more restrictiveHIGHEnsure that the kubelet service file permissions are set to 600 or more restrictive +
+ https://avd.aquasec.com/misconfig/kcv0069 +
+
Kubernetes Security Check KCV0075Ensure that the certificate authorities file permissions are set to 600 or more restrictiveCRITICALEnsure that the certificate authorities file permissions are set to 600 or more restrictive +
+ https://avd.aquasec.com/misconfig/kcv0075 +
+
Kubernetes Security Check KCV0077If the kubelet config.yaml configuration file is being used validate permissions set to 600 or more restrictiveHIGHEnsure that if the kubelet refers to a configuration file with the --config argument, that file has permissions of 600 or more restrictive. +
+ https://avd.aquasec.com/misconfig/kcv0077 +
+
-
-

usr/local/bin/kube-apiserver

+ +
+
+ +
+ + +
+
+
+
- + + +
+

Role/system:controller:bootstrap-signer

+
+
+
- - - - - - + - - - - - - - - - - - - - + + + + + + - - - - +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
github.com/opencontainers/runcCVE-2024-45310MEDIUMv1.1.131.1.14, 1.2.0-rc.3
gopkg.in/square/go-jose.v2CVE-2024-28180
Kubernetes Security Check KSV049Manage configmaps MEDIUMv2.6.0Role 'system:controller:bootstrap-signer' should not have access to resource 'configmaps' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv049 +
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

RoleBinding/kubeadm:bootstrap-signer-clusterinfo

+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + - +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
k8s.io/kubernetes
stdlibv1.22.8
github.com/NYTimes/gziphandlerv1.1.1
github.com/antlr4-go/antlr/v4v4.13.0
github.com/asaskevich/govalidatorv0.0.0-20190424111038-f61b66f89f4a
github.com/beorn7/perksv1.0.1
github.com/blang/semver/v4v4.0.0
github.com/cenkalti/backoff/v4v4.3.0
github.com/cespare/xxhash/v2v2.3.0
github.com/coreos/go-oidcv2.2.1+incompatible
github.com/coreos/go-semverv0.3.1
github.com/coreos/go-systemd/v22v22.5.0
github.com/davecgh/go-spewv1.1.2-0.20180830191138-d8f796af33cc
github.com/distribution/referencev0.5.0
github.com/emicklei/go-restful/v3v3.11.0
github.com/felixge/httpsnoopv1.0.4
github.com/fsnotify/fsnotifyv1.7.0
github.com/fxamacker/cbor/v2v2.7.0
github.com/go-logr/logrv1.4.2
github.com/go-logr/stdrv1.2.2
github.com/go-logr/zaprv1.3.0
github.com/go-openapi/jsonpointerv0.19.6
github.com/go-openapi/jsonreferencev0.20.2
github.com/go-openapi/swagv0.22.4
github.com/gogo/protobufv1.3.2
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/cel-gov0.20.1
github.com/google/gnostic-modelsv0.6.8
github.com/google/go-cmpv0.6.0
github.com/google/gofuzzv1.2.0
github.com/google/uuidv1.6.0
github.com/gorilla/websocketv1.5.0
github.com/grpc-ecosystem/go-grpc-prometheusv1.2.0
github.com/grpc-ecosystem/grpc-gateway/v2v2.20.0
github.com/imdario/mergov0.3.6
github.com/josharian/internv1.0.0
github.com/json-iterator/gov1.1.12
github.com/mailru/easyjsonv0.7.7
github.com/moby/spdystreamv0.4.0
github.com/moby/sys/mountinfov0.7.1
github.com/moby/termv0.5.0
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.2
github.com/munnerz/goautonegv0.0.0-20191010083416-a7dc8b61c822
github.com/mxk/go-flowratev0.0.0-20140419014527-cca7078d478f
github.com/opencontainers/go-digestv1.0.0
github.com/opencontainers/runcv1.1.13
github.com/opencontainers/selinuxv1.11.0
github.com/pkg/errorsv0.9.1
github.com/pquerna/cachecontrolv0.1.0
github.com/prometheus/client_golangv1.19.1
github.com/prometheus/client_modelv0.6.1
github.com/prometheus/commonv0.55.0
github.com/prometheus/procfsv0.15.1
github.com/robfig/cron/v3v3.0.1
github.com/spf13/cobrav1.8.1
github.com/spf13/pflagv1.0.5
github.com/stoewer/go-strcasev1.2.0
github.com/x448/float16v0.8.4
go.etcd.io/etcd/api/v3v3.5.14
go.etcd.io/etcd/client/pkg/v3v3.5.14
go.etcd.io/etcd/client/v3v3.5.14
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.53.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttpv0.53.0
go.opentelemetry.io/otelv1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptracev1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpcv1.27.0
go.opentelemetry.io/otel/metricv1.28.0
go.opentelemetry.io/otel/sdkv1.28.0
go.opentelemetry.io/otel/tracev1.28.0
go.opentelemetry.io/proto/otlpv1.3.1
go.uber.org/multierrv1.11.0
go.uber.org/zapv1.26.0
golang.org/x/cryptov0.24.0
golang.org/x/expv0.0.0-20230515195305-f3d0a9c9a5cc
golang.org/x/netv0.26.0
golang.org/x/oauth2v0.21.0
golang.org/x/syncv0.7.0
golang.org/x/sysv0.21.0
golang.org/x/termv0.21.0
golang.org/x/textv0.16.0
golang.org/x/timev0.3.0
golang.org/x/toolsv0.21.1-0.20240508182429-e35e4ccd0d2d
google.golang.org/genproto/googleapis/apiv0.0.0-20240528184218-531527333157
google.golang.org/genproto/googleapis/rpcv0.0.0-20240701130421-f6361c86f094
google.golang.org/grpcv1.65.0
google.golang.org/protobufv1.34.2
gopkg.in/evanphx/json-patch.v4v4.12.0
gopkg.in/inf.v0v0.9.1
gopkg.in/natefinch/lumberjack.v2v2.2.1
gopkg.in/square/go-jose.v2v2.6.0
gopkg.in/yaml.v2v2.4.0
gopkg.in/yaml.v3v3.0.1
k8s.io/api
k8s.io/apiextensions-apiserver
k8s.io/apimachinery
k8s.io/apiserver
k8s.io/client-go
k8s.io/cloud-provider
k8s.io/cluster-bootstrap
k8s.io/component-base
k8s.io/component-helpers
k8s.io/controller-manager
k8s.io/dynamic-resource-allocation
k8s.io/klog/v2v2.130.1
k8s.io/kms
k8s.io/kube-aggregator
k8s.io/kube-openapiv0.0.0-20240228011516-70dd3763d340
k8s.io/kubelet
k8s.io/mount-utils
k8s.io/pod-security-admission
k8s.io/utilsv0.0.0-20240711033017-18e509b52bc8
sigs.k8s.io/apiserver-network-proxy/konnectivity-clientv0.30.3
sigs.k8s.io/jsonv0.0.0-20221116044647-bc3834ca7abd
sigs.k8s.io/structured-merge-diff/v4v4.4.1
sigs.k8s.io/yamlv1.4.0
Kubernetes Security Check KSV122Anonymous user access bindingCRITICALRoleBinding 'kubeadm:bootstrap-signer-clusterinfo' should not bind to roles ["system:unauthenticated", "system:anonymous"] +
+ https://avd.aquasec.com/misconfig/ksv122 +
+
-
-

usr/local/bin/kube-controller-manager

+ +
+
+ +
+ + +
+
+
+
- + + +
+

ConfigMap/extension-apiserver-authentication

+
+
+
- - - - - - + - - - - - - - - - - - - - + + + + + + - - - - +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
github.com/opencontainers/runcCVE-2024-45310MEDIUMv1.1.131.1.14, 1.2.0-rc.3
gopkg.in/square/go-jose.v2CVE-2024-28180
Kubernetes Security Check AVD-KSV-01010ConfigMap with sensitive content MEDIUMv2.6.0ConfigMap 'extension-apiserver-authentication' in 'kube-system' namespace stores sensitive contents in key(s) or value(s) '{"requestheader-username-headers"}' +
+ https://avd.aquasec.com/misconfig/avd-ksv-01010 +
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

DaemonSet/kindnet

+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
k8s.io/kubernetes
stdlibv1.22.8
github.com/NYTimes/gziphandlerv1.1.1
github.com/antlr4-go/antlr/v4v4.13.0
github.com/asaskevich/govalidatorv0.0.0-20190424111038-f61b66f89f4a
github.com/beorn7/perksv1.0.1
github.com/blang/semver/v4v4.0.0
github.com/cenkalti/backoff/v4v4.3.0
github.com/cespare/xxhash/v2v2.3.0
github.com/checkpoint-restore/go-criu/v5v5.3.0
github.com/cilium/ebpfv0.9.1
github.com/container-storage-interface/specv1.9.0
github.com/containerd/consolev1.0.3
github.com/containerd/ttrpcv1.2.2
github.com/coreos/go-oidcv2.2.1+incompatible
github.com/coreos/go-semverv0.3.1
github.com/coreos/go-systemd/v22v22.5.0
github.com/cyphar/filepath-securejoinv0.2.4
github.com/davecgh/go-spewv1.1.2-0.20180830191138-d8f796af33cc
github.com/distribution/referencev0.5.0
github.com/docker/go-unitsv0.5.0
github.com/emicklei/go-restful/v3v3.11.0
github.com/euank/go-kmsg-parserv2.0.0+incompatible
github.com/felixge/httpsnoopv1.0.4
github.com/fsnotify/fsnotifyv1.7.0
github.com/fxamacker/cbor/v2v2.7.0
github.com/go-logr/logrv1.4.2
github.com/go-logr/stdrv1.2.2
github.com/go-logr/zaprv1.3.0
github.com/go-openapi/jsonpointerv0.19.6
github.com/go-openapi/jsonreferencev0.20.2
github.com/go-openapi/swagv0.22.4
github.com/godbus/dbus/v5v5.1.0
github.com/gogo/protobufv1.3.2
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/cadvisorv0.49.0
github.com/google/cel-gov0.20.1
github.com/google/gnostic-modelsv0.6.8
github.com/google/go-cmpv0.6.0
github.com/google/gofuzzv1.2.0
github.com/google/uuidv1.6.0
github.com/gorilla/websocketv1.5.0
github.com/grpc-ecosystem/go-grpc-prometheusv1.2.0
github.com/grpc-ecosystem/grpc-gateway/v2v2.20.0
github.com/imdario/mergov0.3.6
github.com/josharian/internv1.0.0
github.com/json-iterator/gov1.1.12
github.com/karrick/godirwalkv1.17.0
github.com/libopenstorage/openstoragev1.0.0
github.com/mailru/easyjsonv0.7.7
github.com/mistifyio/go-zfsv2.1.2-0.20190413222219-f784269be439+incompatible
github.com/moby/spdystreamv0.4.0
github.com/moby/sys/mountinfov0.7.1
github.com/moby/termv0.5.0
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.2
github.com/mohae/deepcopyv0.0.0-20170603005431-491d3605edfb
github.com/mrunalp/fileutilsv0.5.1
github.com/munnerz/goautonegv0.0.0-20191010083416-a7dc8b61c822
github.com/mxk/go-flowratev0.0.0-20140419014527-cca7078d478f
github.com/opencontainers/go-digestv1.0.0
github.com/opencontainers/runcv1.1.13
github.com/opencontainers/runtime-specv1.0.3-0.20220909204839-494a5a6aca78
github.com/opencontainers/selinuxv1.11.0
github.com/pkg/errorsv0.9.1
github.com/pquerna/cachecontrolv0.1.0
github.com/prometheus/client_golangv1.19.1
github.com/prometheus/client_modelv0.6.1
github.com/prometheus/commonv0.55.0
github.com/prometheus/procfsv0.15.1
github.com/robfig/cron/v3v3.0.1
github.com/sirupsen/logrusv1.9.3
github.com/spf13/cobrav1.8.1
github.com/spf13/pflagv1.0.5
github.com/stoewer/go-strcasev1.2.0
github.com/syndtr/gocapabilityv0.0.0-20200815063812-42c35b437635
github.com/vishvananda/netlinkv1.1.0
github.com/vishvananda/netnsv0.0.4
github.com/x448/float16v0.8.4
go.etcd.io/etcd/api/v3v3.5.14
go.etcd.io/etcd/client/pkg/v3v3.5.14
go.etcd.io/etcd/client/v3v3.5.14
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.53.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttpv0.53.0
go.opentelemetry.io/otelv1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptracev1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpcv1.27.0
go.opentelemetry.io/otel/metricv1.28.0
go.opentelemetry.io/otel/sdkv1.28.0
go.opentelemetry.io/otel/tracev1.28.0
go.opentelemetry.io/proto/otlpv1.3.1
go.uber.org/multierrv1.11.0
go.uber.org/zapv1.26.0
golang.org/x/cryptov0.24.0
golang.org/x/expv0.0.0-20230515195305-f3d0a9c9a5cc
golang.org/x/netv0.26.0
golang.org/x/oauth2v0.21.0
golang.org/x/syncv0.7.0
golang.org/x/sysv0.21.0
golang.org/x/termv0.21.0
golang.org/x/textv0.16.0
golang.org/x/timev0.3.0
golang.org/x/toolsv0.21.1-0.20240508182429-e35e4ccd0d2d
google.golang.org/genproto/googleapis/apiv0.0.0-20240528184218-531527333157
google.golang.org/genproto/googleapis/rpcv0.0.0-20240701130421-f6361c86f094
google.golang.org/grpcv1.65.0
google.golang.org/protobufv1.34.2
gopkg.in/evanphx/json-patch.v4v4.12.0
gopkg.in/inf.v0v0.9.1
gopkg.in/natefinch/lumberjack.v2v2.2.1
gopkg.in/square/go-jose.v2v2.6.0
gopkg.in/yaml.v2v2.4.0
gopkg.in/yaml.v3v3.0.1
k8s.io/api
k8s.io/apiextensions-apiserver
k8s.io/apimachinery
k8s.io/apiserver
k8s.io/client-go
k8s.io/cloud-provider
k8s.io/cluster-bootstrap
k8s.io/component-base
k8s.io/component-helpers
k8s.io/controller-manager
k8s.io/cri-api
k8s.io/cri-client
k8s.io/csi-translation-lib
k8s.io/dynamic-resource-allocation
k8s.io/endpointslice
k8s.io/klog/v2v2.130.1
k8s.io/kms
k8s.io/kube-aggregator
k8s.io/kube-controller-manager
k8s.io/kube-openapiv0.0.0-20240228011516-70dd3763d340
k8s.io/kube-scheduler
k8s.io/kubectl
k8s.io/kubelet
k8s.io/metrics
k8s.io/mount-utils
k8s.io/pod-security-admission
k8s.io/utilsv0.0.0-20240711033017-18e509b52bc8
sigs.k8s.io/apiserver-network-proxy/konnectivity-clientv0.30.3
sigs.k8s.io/jsonv0.0.0-20221116044647-bc3834ca7abd
sigs.k8s.io/structured-merge-diff/v4v4.4.1
sigs.k8s.io/yamlv1.4.0
Kubernetes Security Check KSV001Can elevate its own privilegesMEDIUMContainer 'kindnet-cni' of DaemonSet 'kindnet' should set 'securityContext.allowPrivilegeEscalation' to false +
+ https://avd.aquasec.com/misconfig/ksv001 +
+
Kubernetes Security Check KSV003Default capabilities: some containers do not drop allLOWContainer 'kindnet-cni' of DaemonSet 'kindnet' should add 'ALL' to 'securityContext.capabilities.drop' +
+ https://avd.aquasec.com/misconfig/ksv003 +
+
Kubernetes Security Check KSV009Access to host networkHIGHDaemonSet 'kindnet' should not set 'spec.template.spec.hostNetwork' to true +
+ https://avd.aquasec.com/misconfig/ksv009 +
+
Kubernetes Security Check KSV012Runs as root userMEDIUMContainer 'kindnet-cni' of DaemonSet 'kindnet' should set 'securityContext.runAsNonRoot' to true +
+ https://avd.aquasec.com/misconfig/ksv012 +
+
Kubernetes Security Check KSV014Root file system is not read-onlyHIGHContainer 'kindnet-cni' of DaemonSet 'kindnet' should set 'securityContext.readOnlyRootFilesystem' to true +
+ https://avd.aquasec.com/misconfig/ksv014 +
+
Kubernetes Security Check KSV020Runs with UID <= 10000LOWContainer 'kindnet-cni' of DaemonSet 'kindnet' should set 'securityContext.runAsUser' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv020 +
+
Kubernetes Security Check KSV021Runs with GID <= 10000LOWContainer 'kindnet-cni' of DaemonSet 'kindnet' should set 'securityContext.runAsGroup' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv021 +
+
Kubernetes Security Check KSV022Specific capabilities addedMEDIUMContainer 'kindnet-cni' of DaemonSet 'kindnet' should not set 'securityContext.capabilities.add' +
+ https://avd.aquasec.com/misconfig/ksv022 +
+
Kubernetes Security Check KSV023hostPath volumes mountedMEDIUMDaemonSet 'kindnet' should not set 'spec.template.volumes.hostPath' +
+ https://avd.aquasec.com/misconfig/ksv023 +
+
Kubernetes Security Check KSV030Runtime/Default Seccomp profile not setLOWEither Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault' +
+ https://avd.aquasec.com/misconfig/ksv030 +
+
Kubernetes Security Check KSV037User Pods should not be placed in kube-system namespaceMEDIUMDaemonSet 'kindnet' should not be set with 'kube-system' namespace +
+ https://avd.aquasec.com/misconfig/ksv037 +
+
Kubernetes Security Check KSV104Seccomp policies disabledMEDIUMcontainer "kindnet-cni" of daemonset "kindnet" in "kube-system" namespace should specify a seccomp profile +
+ https://avd.aquasec.com/misconfig/ksv104 +
+
Kubernetes Security Check KSV106Container capabilities must only include NET_BIND_SERVICELOWcontainer should drop all +
+ https://avd.aquasec.com/misconfig/ksv106 +
+
Kubernetes Security Check KSV119NET_RAW capability addedHIGHcontainer kindnet-cni of daemonset kindnet in kube-system namespace should not include 'NET_RAW' in securityContext.capabilities.add +
+ https://avd.aquasec.com/misconfig/ksv119 +
+
-
-

usr/local/bin/etcd

+ +
+
+ +
+ + +
+
+
+
- + + +
+

DaemonSet/kube-proxy

+
+
+
- - - - - - + + + + + + + + + + + + + + + + + - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + + + + + + + - - - + + + + + + + + + + + + + + + + + + + + + - - - + + + + - - - - - - + + + + + + + + + + + - - - - + + + + + + + + + + + + + + +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
Kubernetes Security Check KSV001Can elevate its own privilegesMEDIUMContainer 'kube-proxy' of DaemonSet 'kube-proxy' should set 'securityContext.allowPrivilegeEscalation' to false +
+ https://avd.aquasec.com/misconfig/ksv001 +
+
Kubernetes Security Check KSV003Default capabilities: some containers do not drop allLOWContainer 'kube-proxy' of DaemonSet 'kube-proxy' should add 'ALL' to 'securityContext.capabilities.drop' +
+ https://avd.aquasec.com/misconfig/ksv003 +
+
github.com/golang-jwt/jwt/v4CVE-2024-51744
Kubernetes Security Check KSV009Access to host networkHIGHDaemonSet 'kube-proxy' should not set 'spec.template.spec.hostNetwork' to true +
+ https://avd.aquasec.com/misconfig/ksv009 +
+
Kubernetes Security Check KSV011CPU not limitedLOWContainer 'kube-proxy' of DaemonSet 'kube-proxy' should set 'resources.limits.cpu' +
+ https://avd.aquasec.com/misconfig/ksv011 +
+
Kubernetes Security Check KSV012Runs as root userMEDIUMContainer 'kube-proxy' of DaemonSet 'kube-proxy' should set 'securityContext.runAsNonRoot' to true +
+ https://avd.aquasec.com/misconfig/ksv012 +
+
Kubernetes Security Check KSV014Root file system is not read-onlyHIGHContainer 'kube-proxy' of DaemonSet 'kube-proxy' should set 'securityContext.readOnlyRootFilesystem' to true +
+ https://avd.aquasec.com/misconfig/ksv014 +
+
Kubernetes Security Check KSV015CPU requests not specified LOWv4.4.24.5.1Container 'kube-proxy' of DaemonSet 'kube-proxy' should set 'resources.requests.cpu' +
+ https://avd.aquasec.com/misconfig/ksv015 +
stdlibCVE-2024-34156
Kubernetes Security Check KSV016Memory requests not specifiedLOWContainer 'kube-proxy' of DaemonSet 'kube-proxy' should set 'resources.requests.memory' +
+ https://avd.aquasec.com/misconfig/ksv016 +
+
Kubernetes Security Check KSV017Privileged HIGHv1.21.121.22.7, 1.23.1Container 'kube-proxy' of DaemonSet 'kube-proxy' should set 'securityContext.privileged' to false +
+ https://avd.aquasec.com/misconfig/ksv017 +
+
Kubernetes Security Check KSV018Memory not limitedLOWContainer 'kube-proxy' of DaemonSet 'kube-proxy' should set 'resources.limits.memory' +
+ https://avd.aquasec.com/misconfig/ksv018 +
+
Kubernetes Security Check KSV020Runs with UID <= 10000LOWContainer 'kube-proxy' of DaemonSet 'kube-proxy' should set 'securityContext.runAsUser' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv020 +
+
Kubernetes Security Check KSV021Runs with GID <= 10000LOWContainer 'kube-proxy' of DaemonSet 'kube-proxy' should set 'securityContext.runAsGroup' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv021 +
stdlibCVE-2024-34155
Kubernetes Security Check KSV023hostPath volumes mounted MEDIUMv1.21.121.22.7, 1.23.1DaemonSet 'kube-proxy' should not set 'spec.template.volumes.hostPath' +
+ https://avd.aquasec.com/misconfig/ksv023 +
stdlibCVE-2024-34158
Kubernetes Security Check KSV030Runtime/Default Seccomp profile not setLOWEither Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault' +
+ https://avd.aquasec.com/misconfig/ksv030 +
+
Kubernetes Security Check KSV037User Pods should not be placed in kube-system namespace MEDIUMv1.21.121.22.7, 1.23.1DaemonSet 'kube-proxy' should not be set with 'kube-system' namespace +
+ https://avd.aquasec.com/misconfig/ksv037 +
Kubernetes Security Check KSV104Seccomp policies disabledMEDIUMcontainer "kube-proxy" of daemonset "kube-proxy" in "kube-system" namespace should specify a seccomp profile +
+ https://avd.aquasec.com/misconfig/ksv104 +
+
Kubernetes Security Check KSV106Container capabilities must only include NET_BIND_SERVICELOWcontainer should drop all +
+ https://avd.aquasec.com/misconfig/ksv106 +
+
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

Deployment/coredns

+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
go.etcd.io/etcd/server/v3
stdlibv1.21.12
../api
../client/pkg
../client/v2
../client/v3
../pkg
../raft
github.com/beorn7/perksv1.0.1
github.com/cenkalti/backoff/v4v4.2.1
github.com/cespare/xxhash/v2v2.2.0
github.com/coreos/go-semverv0.3.0
github.com/coreos/go-systemd/v22v22.3.2
github.com/dustin/go-humanizev1.0.0
github.com/go-logr/logrv1.3.0
github.com/go-logr/stdrv1.2.2
github.com/gogo/protobufv1.3.2
github.com/golang-jwt/jwt/v4v4.4.2
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/btreev1.0.1
github.com/gorilla/websocketv1.4.2
github.com/grpc-ecosystem/go-grpc-middlewarev1.3.0
github.com/grpc-ecosystem/go-grpc-prometheusv1.2.0
github.com/grpc-ecosystem/grpc-gatewayv1.16.0
github.com/grpc-ecosystem/grpc-gateway/v2v2.16.0
github.com/jonboulle/clockworkv0.2.2
github.com/json-iterator/gov1.1.11
github.com/matttproud/golang_protobuf_extensionsv1.0.1
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.1
github.com/prometheus/client_golangv1.11.1
github.com/prometheus/client_modelv0.2.0
github.com/prometheus/commonv0.26.0
github.com/prometheus/procfsv0.6.0
github.com/sirupsen/logrusv1.9.3
github.com/soheilhy/cmuxv0.1.5
github.com/spf13/cobrav1.1.3
github.com/spf13/pflagv1.0.5
github.com/tmc/grpc-websocket-proxyv0.0.0-20201229170055-e5319fda7802
github.com/xiang90/probingv0.0.0-20190116061207-43a291ad63a2
go.etcd.io/bboltv1.3.10
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.46.0
go.opentelemetry.io/otelv1.20.0
go.opentelemetry.io/otel/exporters/otlp/otlptracev1.20.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpcv1.20.0
go.opentelemetry.io/otel/metricv1.20.0
go.opentelemetry.io/otel/sdkv1.20.0
go.opentelemetry.io/otel/tracev1.20.0
go.opentelemetry.io/proto/otlpv1.0.0
go.uber.org/atomicv1.7.0
go.uber.org/multierrv1.6.0
go.uber.org/zapv1.17.0
golang.org/x/cryptov0.21.0
golang.org/x/netv0.23.0
golang.org/x/sysv0.18.0
golang.org/x/textv0.14.0
golang.org/x/timev0.0.0-20210220033141-f8bda1e9f3ba
google.golang.org/genprotov0.0.0-20230822172742-b8732ec3820d
google.golang.org/genproto/googleapis/apiv0.0.0-20230822172742-b8732ec3820d
google.golang.org/genproto/googleapis/rpcv0.0.0-20230822172742-b8732ec3820d
google.golang.org/grpcv1.59.0
google.golang.org/protobufv1.33.0
gopkg.in/natefinch/lumberjack.v2v2.0.0
gopkg.in/yaml.v2v2.4.0
sigs.k8s.io/yamlv1.2.0
Kubernetes Security Check KSV011CPU not limitedLOWContainer 'coredns' of Deployment 'coredns' should set 'resources.limits.cpu' +
+ https://avd.aquasec.com/misconfig/ksv011 +
+
Kubernetes Security Check KSV012Runs as root userMEDIUMContainer 'coredns' of Deployment 'coredns' should set 'securityContext.runAsNonRoot' to true +
+ https://avd.aquasec.com/misconfig/ksv012 +
+
Kubernetes Security Check KSV020Runs with UID <= 10000LOWContainer 'coredns' of Deployment 'coredns' should set 'securityContext.runAsUser' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv020 +
+
Kubernetes Security Check KSV021Runs with GID <= 10000LOWContainer 'coredns' of Deployment 'coredns' should set 'securityContext.runAsGroup' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv021 +
+
Kubernetes Security Check KSV022Specific capabilities addedMEDIUMContainer 'coredns' of Deployment 'coredns' should not set 'securityContext.capabilities.add' +
+ https://avd.aquasec.com/misconfig/ksv022 +
+
Kubernetes Security Check KSV030Runtime/Default Seccomp profile not setLOWEither Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault' +
+ https://avd.aquasec.com/misconfig/ksv030 +
+
Kubernetes Security Check KSV037User Pods should not be placed in kube-system namespaceMEDIUMDeployment 'coredns' should not be set with 'kube-system' namespace +
+ https://avd.aquasec.com/misconfig/ksv037 +
+
Kubernetes Security Check KSV104Seccomp policies disabledMEDIUMcontainer "coredns" of deployment "coredns" in "kube-system" namespace should specify a seccomp profile +
+ https://avd.aquasec.com/misconfig/ksv104 +
+
Kubernetes Security Check KSV117Prevent binding to privileged portsMEDIUMdeployment coredns in kube-system namespace should not set spec.template.spec.containers.ports.containerPort to less than 1024 +
+ https://avd.aquasec.com/misconfig/ksv117 +
+
-
-

usr/local/bin/etcd-3.5.15

+ +
+
+ +
+ + +
+
+
+
- + + +
+

Pod/etcd-kind-control-plane

+
+
+
- - - - - - + + + + + + + + + + + + + + + + + + + + + + + + - - - - - + + + + - - - - - - + + + + + + + + + + + - - - + + + + + + + + + + + + + + + + + + + + + - - - + + + + - - - - - - + + + + - - - - + + + + + + + +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
Kubernetes Security Check KSV001Can elevate its own privilegesMEDIUMContainer 'etcd' of Pod 'etcd-kind-control-plane' should set 'securityContext.allowPrivilegeEscalation' to false +
+ https://avd.aquasec.com/misconfig/ksv001 +
+
Kubernetes Security Check KSV003Default capabilities: some containers do not drop allLOWContainer 'etcd' of Pod 'etcd-kind-control-plane' should add 'ALL' to 'securityContext.capabilities.drop' +
+ https://avd.aquasec.com/misconfig/ksv003 +
+
Kubernetes Security Check KSV009Access to host networkHIGHPod 'etcd-kind-control-plane' should not set 'spec.template.spec.hostNetwork' to true +
+ https://avd.aquasec.com/misconfig/ksv009 +
+
github.com/golang-jwt/jwt/v4CVE-2024-51744
Kubernetes Security Check KSV011CPU not limited LOWv4.4.24.5.1Container 'etcd' of Pod 'etcd-kind-control-plane' should set 'resources.limits.cpu' +
+ https://avd.aquasec.com/misconfig/ksv011 +
stdlibCVE-2024-34156
Kubernetes Security Check KSV012Runs as root userMEDIUMContainer 'etcd' of Pod 'etcd-kind-control-plane' should set 'securityContext.runAsNonRoot' to true +
+ https://avd.aquasec.com/misconfig/ksv012 +
+
Kubernetes Security Check KSV014Root file system is not read-only HIGHv1.21.121.22.7, 1.23.1Container 'etcd' of Pod 'etcd-kind-control-plane' should set 'securityContext.readOnlyRootFilesystem' to true +
+ https://avd.aquasec.com/misconfig/ksv014 +
+
Kubernetes Security Check KSV018Memory not limitedLOWContainer 'etcd' of Pod 'etcd-kind-control-plane' should set 'resources.limits.memory' +
+ https://avd.aquasec.com/misconfig/ksv018 +
+
Kubernetes Security Check KSV020Runs with UID <= 10000LOWContainer 'etcd' of Pod 'etcd-kind-control-plane' should set 'securityContext.runAsUser' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv020 +
+
Kubernetes Security Check KSV021Runs with GID <= 10000LOWContainer 'etcd' of Pod 'etcd-kind-control-plane' should set 'securityContext.runAsGroup' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv021 +
stdlibCVE-2024-34155
Kubernetes Security Check KSV023hostPath volumes mounted MEDIUMv1.21.121.22.7, 1.23.1Pod 'etcd-kind-control-plane' should not set 'spec.template.volumes.hostPath' +
+ https://avd.aquasec.com/misconfig/ksv023 +
stdlibCVE-2024-34158
Kubernetes Security Check KSV104Seccomp policies disabled MEDIUMv1.21.121.22.7, 1.23.1container "etcd" of pod "etcd-kind-control-plane" in "kube-system" namespace should specify a seccomp profile +
+ https://avd.aquasec.com/misconfig/ksv104 +
Kubernetes Security Check KSV106Container capabilities must only include NET_BIND_SERVICELOWcontainer should drop all +
+ https://avd.aquasec.com/misconfig/ksv106 +
+
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

Pod/kube-apiserver-kind-control-plane

+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
go.etcd.io/etcd/server/v3
stdlibv1.21.12
../api
../client/pkg
../client/v2
../client/v3
../pkg
../raft
github.com/beorn7/perksv1.0.1
github.com/cenkalti/backoff/v4v4.2.1
github.com/cespare/xxhash/v2v2.2.0
github.com/coreos/go-semverv0.3.0
github.com/coreos/go-systemd/v22v22.3.2
github.com/dustin/go-humanizev1.0.0
github.com/go-logr/logrv1.3.0
github.com/go-logr/stdrv1.2.2
github.com/gogo/protobufv1.3.2
github.com/golang-jwt/jwt/v4v4.4.2
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/btreev1.0.1
github.com/gorilla/websocketv1.4.2
github.com/grpc-ecosystem/go-grpc-middlewarev1.3.0
github.com/grpc-ecosystem/go-grpc-prometheusv1.2.0
github.com/grpc-ecosystem/grpc-gatewayv1.16.0
github.com/grpc-ecosystem/grpc-gateway/v2v2.16.0
github.com/jonboulle/clockworkv0.2.2
github.com/json-iterator/gov1.1.11
github.com/matttproud/golang_protobuf_extensionsv1.0.1
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.1
github.com/prometheus/client_golangv1.11.1
github.com/prometheus/client_modelv0.2.0
github.com/prometheus/commonv0.26.0
github.com/prometheus/procfsv0.6.0
github.com/sirupsen/logrusv1.9.3
github.com/soheilhy/cmuxv0.1.5
github.com/spf13/cobrav1.1.3
github.com/spf13/pflagv1.0.5
github.com/tmc/grpc-websocket-proxyv0.0.0-20201229170055-e5319fda7802
github.com/xiang90/probingv0.0.0-20190116061207-43a291ad63a2
go.etcd.io/bboltv1.3.10
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.46.0
go.opentelemetry.io/otelv1.20.0
go.opentelemetry.io/otel/exporters/otlp/otlptracev1.20.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpcv1.20.0
go.opentelemetry.io/otel/metricv1.20.0
go.opentelemetry.io/otel/sdkv1.20.0
go.opentelemetry.io/otel/tracev1.20.0
go.opentelemetry.io/proto/otlpv1.0.0
go.uber.org/atomicv1.7.0
go.uber.org/multierrv1.6.0
go.uber.org/zapv1.17.0
golang.org/x/cryptov0.21.0
golang.org/x/netv0.23.0
golang.org/x/sysv0.18.0
golang.org/x/textv0.14.0
golang.org/x/timev0.0.0-20210220033141-f8bda1e9f3ba
google.golang.org/genprotov0.0.0-20230822172742-b8732ec3820d
google.golang.org/genproto/googleapis/apiv0.0.0-20230822172742-b8732ec3820d
google.golang.org/genproto/googleapis/rpcv0.0.0-20230822172742-b8732ec3820d
google.golang.org/grpcv1.59.0
google.golang.org/protobufv1.33.0
gopkg.in/natefinch/lumberjack.v2v2.0.0
gopkg.in/yaml.v2v2.4.0
sigs.k8s.io/yamlv1.2.0
Kubernetes Security Check KCV0001Ensure that the --anonymous-auth argument is set to falseMEDIUMEnsure that the --anonymous-auth argument is set to false +
+ https://avd.aquasec.com/misconfig/kcv0001 +
+
Kubernetes Security Check KCV0006Ensure that the --kubelet-certificate-authority argument is set as appropriateLOWEnsure that the --kubelet-certificate-authority argument is set as appropriate +
+ https://avd.aquasec.com/misconfig/kcv0006 +
+
Kubernetes Security Check KCV0010Ensure that the admission control plugin EventRateLimit is setLOWEnsure that the admission control plugin EventRateLimit is set +
+ https://avd.aquasec.com/misconfig/kcv0010 +
+
Kubernetes Security Check KSV0012Ensure that the admission control plugin AlwaysPullImages is setLOWEnsure that the admission control plugin AlwaysPullImages is set +
+ https://avd.aquasec.com/misconfig/ksv0012 +
+
Kubernetes Security Check KCV0018Ensure that the --profiling argument is set to falseLOWEnsure that the --profiling argument is set to false +
+ https://avd.aquasec.com/misconfig/kcv0018 +
+
Kubernetes Security Check KCV0019Ensure that the --audit-log-path argument is setLOWEnsure that the --audit-log-path argument is set +
+ https://avd.aquasec.com/misconfig/kcv0019 +
+
Kubernetes Security Check KCV0020Ensure that the --audit-log-maxage argument is set to 30 or as appropriateLOWEnsure that the --audit-log-maxage argument is set to 30 or as appropriate +
+ https://avd.aquasec.com/misconfig/kcv0020 +
+
Kubernetes Security Check KCV0021Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriateLOWEnsure that the --audit-log-maxbackup argument is set to 10 or as appropriate +
+ https://avd.aquasec.com/misconfig/kcv0021 +
+
Kubernetes Security Check KCV0022Ensure that the --audit-log-maxsize argument is set to 100 or as appropriateLOWEnsure that the --audit-log-maxsize argument is set to 100 or as appropriate +
+ https://avd.aquasec.com/misconfig/kcv0022 +
+
Kubernetes Security Check KCV0030Ensure that the --encryption-provider-config argument is set as appropriateLOWEnsure that the --encryption-provider-config argument is set as appropriate +
+ https://avd.aquasec.com/misconfig/kcv0030 +
+
Kubernetes Security Check KSV001Can elevate its own privilegesMEDIUMContainer 'kube-apiserver' of Pod 'kube-apiserver-kind-control-plane' should set 'securityContext.allowPrivilegeEscalation' to false +
+ https://avd.aquasec.com/misconfig/ksv001 +
+
Kubernetes Security Check KSV003Default capabilities: some containers do not drop allLOWContainer 'kube-apiserver' of Pod 'kube-apiserver-kind-control-plane' should add 'ALL' to 'securityContext.capabilities.drop' +
+ https://avd.aquasec.com/misconfig/ksv003 +
+
Kubernetes Security Check KSV009Access to host networkHIGHPod 'kube-apiserver-kind-control-plane' should not set 'spec.template.spec.hostNetwork' to true +
+ https://avd.aquasec.com/misconfig/ksv009 +
+
Kubernetes Security Check KSV011CPU not limitedLOWContainer 'kube-apiserver' of Pod 'kube-apiserver-kind-control-plane' should set 'resources.limits.cpu' +
+ https://avd.aquasec.com/misconfig/ksv011 +
+
Kubernetes Security Check KSV012Runs as root userMEDIUMContainer 'kube-apiserver' of Pod 'kube-apiserver-kind-control-plane' should set 'securityContext.runAsNonRoot' to true +
+ https://avd.aquasec.com/misconfig/ksv012 +
+
Kubernetes Security Check KSV014Root file system is not read-onlyHIGHContainer 'kube-apiserver' of Pod 'kube-apiserver-kind-control-plane' should set 'securityContext.readOnlyRootFilesystem' to true +
+ https://avd.aquasec.com/misconfig/ksv014 +
+
Kubernetes Security Check KSV016Memory requests not specifiedLOWContainer 'kube-apiserver' of Pod 'kube-apiserver-kind-control-plane' should set 'resources.requests.memory' +
+ https://avd.aquasec.com/misconfig/ksv016 +
+
Kubernetes Security Check KSV018Memory not limitedLOWContainer 'kube-apiserver' of Pod 'kube-apiserver-kind-control-plane' should set 'resources.limits.memory' +
+ https://avd.aquasec.com/misconfig/ksv018 +
+
Kubernetes Security Check KSV020Runs with UID <= 10000LOWContainer 'kube-apiserver' of Pod 'kube-apiserver-kind-control-plane' should set 'securityContext.runAsUser' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv020 +
+
Kubernetes Security Check KSV021Runs with GID <= 10000LOWContainer 'kube-apiserver' of Pod 'kube-apiserver-kind-control-plane' should set 'securityContext.runAsGroup' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv021 +
+
Kubernetes Security Check KSV023hostPath volumes mountedMEDIUMPod 'kube-apiserver-kind-control-plane' should not set 'spec.template.volumes.hostPath' +
+ https://avd.aquasec.com/misconfig/ksv023 +
+
Kubernetes Security Check KSV104Seccomp policies disabledMEDIUMcontainer "kube-apiserver" of pod "kube-apiserver-kind-control-plane" in "kube-system" namespace should specify a seccomp profile +
+ https://avd.aquasec.com/misconfig/ksv104 +
+
Kubernetes Security Check KSV106Container capabilities must only include NET_BIND_SERVICELOWcontainer should drop all +
+ https://avd.aquasec.com/misconfig/ksv106 +
+
-
-

usr/local/bin/etcdctl

+ +
+
+ +
+ + +
+
+
+
- + + +
+

Pod/kube-controller-manager-kind-control-plane

+
+
+
- - - - - - + + + + + + + + + + + + + + + + + + + + + + + + - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + + + + + - - - + + + + - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + + - - - - - - + + + + - - - - + + + + + + + +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
Kubernetes Security Check KCV0033Ensure that the --terminated-pod-gc-threshold argument is set as appropriateLOWEnsure that the --terminated-pod-gc-threshold argument is set as appropriate +
+ https://avd.aquasec.com/misconfig/kcv0033 +
+
Kubernetes Security Check KCV0034Ensure that the --profiling argument is set to falseLOWEnsure that the --profiling argument is set to false +
+ https://avd.aquasec.com/misconfig/kcv0034 +
+
Kubernetes Security Check KCV0038Ensure that the RotateKubeletServerCertificate argument is set to trueLOWEnsure that the RotateKubeletServerCertificate argument is set to true +
+ https://avd.aquasec.com/misconfig/kcv0038 +
+
github.com/golang-jwt/jwt/v4CVE-2024-51744
Kubernetes Security Check KSV001Can elevate its own privilegesMEDIUMContainer 'kube-controller-manager' of Pod 'kube-controller-manager-kind-control-plane' should set 'securityContext.allowPrivilegeEscalation' to false +
+ https://avd.aquasec.com/misconfig/ksv001 +
+
Kubernetes Security Check KSV003Default capabilities: some containers do not drop allLOWContainer 'kube-controller-manager' of Pod 'kube-controller-manager-kind-control-plane' should add 'ALL' to 'securityContext.capabilities.drop' +
+ https://avd.aquasec.com/misconfig/ksv003 +
+
Kubernetes Security Check KSV009Access to host networkHIGHPod 'kube-controller-manager-kind-control-plane' should not set 'spec.template.spec.hostNetwork' to true +
+ https://avd.aquasec.com/misconfig/ksv009 +
+
Kubernetes Security Check KSV011CPU not limited LOWv4.4.24.5.1Container 'kube-controller-manager' of Pod 'kube-controller-manager-kind-control-plane' should set 'resources.limits.cpu' +
+ https://avd.aquasec.com/misconfig/ksv011 +
+
Kubernetes Security Check KSV012Runs as root userMEDIUMContainer 'kube-controller-manager' of Pod 'kube-controller-manager-kind-control-plane' should set 'securityContext.runAsNonRoot' to true +
+ https://avd.aquasec.com/misconfig/ksv012 +
stdlibCVE-2024-34156
Kubernetes Security Check KSV014Root file system is not read-only HIGHv1.21.121.22.7, 1.23.1Container 'kube-controller-manager' of Pod 'kube-controller-manager-kind-control-plane' should set 'securityContext.readOnlyRootFilesystem' to true +
+ https://avd.aquasec.com/misconfig/ksv014 +
+
Kubernetes Security Check KSV016Memory requests not specifiedLOWContainer 'kube-controller-manager' of Pod 'kube-controller-manager-kind-control-plane' should set 'resources.requests.memory' +
+ https://avd.aquasec.com/misconfig/ksv016 +
+
Kubernetes Security Check KSV018Memory not limitedLOWContainer 'kube-controller-manager' of Pod 'kube-controller-manager-kind-control-plane' should set 'resources.limits.memory' +
+ https://avd.aquasec.com/misconfig/ksv018 +
+
Kubernetes Security Check KSV020Runs with UID <= 10000LOWContainer 'kube-controller-manager' of Pod 'kube-controller-manager-kind-control-plane' should set 'securityContext.runAsUser' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv020 +
+
Kubernetes Security Check KSV021Runs with GID <= 10000LOWContainer 'kube-controller-manager' of Pod 'kube-controller-manager-kind-control-plane' should set 'securityContext.runAsGroup' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv021 +
stdlibCVE-2024-34155
Kubernetes Security Check KSV023hostPath volumes mounted MEDIUMv1.21.121.22.7, 1.23.1Pod 'kube-controller-manager-kind-control-plane' should not set 'spec.template.volumes.hostPath' +
+ https://avd.aquasec.com/misconfig/ksv023 +
stdlibCVE-2024-34158
Kubernetes Security Check KSV104Seccomp policies disabled MEDIUMv1.21.121.22.7, 1.23.1container "kube-controller-manager" of pod "kube-controller-manager-kind-control-plane" in "kube-system" namespace should specify a seccomp profile +
+ https://avd.aquasec.com/misconfig/ksv104 +
Kubernetes Security Check KSV106Container capabilities must only include NET_BIND_SERVICELOWcontainer should drop all +
+ https://avd.aquasec.com/misconfig/ksv106 +
+
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

Pod/kube-scheduler-kind-control-plane

+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
go.etcd.io/etcd/etcdctl/v3
stdlibv1.21.12
../api
../client/pkg
../client/v2
../client/v3
../etcdutl
../pkg
../raft
../server
github.com/beorn7/perksv1.0.1
github.com/bgentry/speakeasyv0.1.0
github.com/cespare/xxhash/v2v2.2.0
github.com/coreos/go-semverv0.3.0
github.com/coreos/go-systemd/v22v22.3.2
github.com/cpuguy83/go-md2man/v2v2.0.0
github.com/dustin/go-humanizev1.0.0
github.com/go-logr/logrv1.3.0
github.com/go-logr/stdrv1.2.2
github.com/gogo/protobufv1.3.2
github.com/golang-jwt/jwt/v4v4.4.2
github.com/golang/protobufv1.5.4
github.com/google/btreev1.0.1
github.com/jonboulle/clockworkv0.2.2
github.com/json-iterator/gov1.1.11
github.com/mattn/go-runewidthv0.0.9
github.com/matttproud/golang_protobuf_extensionsv1.0.1
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.1
github.com/olekukonko/tablewriterv0.0.5
github.com/prometheus/client_golangv1.11.1
github.com/prometheus/client_modelv0.2.0
github.com/prometheus/commonv0.26.0
github.com/prometheus/procfsv0.6.0
github.com/russross/blackfriday/v2v2.0.1
github.com/shurcooL/sanitized_anchor_namev1.0.0
github.com/spf13/cobrav1.1.3
github.com/spf13/pflagv1.0.5
github.com/urfave/cliv1.22.4
github.com/xiang90/probingv0.0.0-20190116061207-43a291ad63a2
go.etcd.io/bboltv1.3.10
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.46.0
go.opentelemetry.io/otelv1.20.0
go.opentelemetry.io/otel/metricv1.20.0
go.opentelemetry.io/otel/tracev1.20.0
go.uber.org/atomicv1.7.0
go.uber.org/multierrv1.6.0
go.uber.org/zapv1.17.0
golang.org/x/cryptov0.21.0
golang.org/x/netv0.23.0
golang.org/x/sysv0.18.0
golang.org/x/textv0.14.0
golang.org/x/timev0.0.0-20210220033141-f8bda1e9f3ba
google.golang.org/genproto/googleapis/apiv0.0.0-20230822172742-b8732ec3820d
google.golang.org/genproto/googleapis/rpcv0.0.0-20230822172742-b8732ec3820d
google.golang.org/grpcv1.59.0
google.golang.org/protobufv1.33.0
gopkg.in/cheggaaa/pb.v1v1.0.28
Kubernetes Security Check KCV0040Ensure that the --profiling argument is set to falseLOWEnsure that the --profiling argument is set to false +
+ https://avd.aquasec.com/misconfig/kcv0040 +
+
Kubernetes Security Check KSV001Can elevate its own privilegesMEDIUMContainer 'kube-scheduler' of Pod 'kube-scheduler-kind-control-plane' should set 'securityContext.allowPrivilegeEscalation' to false +
+ https://avd.aquasec.com/misconfig/ksv001 +
+
Kubernetes Security Check KSV003Default capabilities: some containers do not drop allLOWContainer 'kube-scheduler' of Pod 'kube-scheduler-kind-control-plane' should add 'ALL' to 'securityContext.capabilities.drop' +
+ https://avd.aquasec.com/misconfig/ksv003 +
+
Kubernetes Security Check KSV009Access to host networkHIGHPod 'kube-scheduler-kind-control-plane' should not set 'spec.template.spec.hostNetwork' to true +
+ https://avd.aquasec.com/misconfig/ksv009 +
+
Kubernetes Security Check KSV011CPU not limitedLOWContainer 'kube-scheduler' of Pod 'kube-scheduler-kind-control-plane' should set 'resources.limits.cpu' +
+ https://avd.aquasec.com/misconfig/ksv011 +
+
Kubernetes Security Check KSV012Runs as root userMEDIUMContainer 'kube-scheduler' of Pod 'kube-scheduler-kind-control-plane' should set 'securityContext.runAsNonRoot' to true +
+ https://avd.aquasec.com/misconfig/ksv012 +
+
Kubernetes Security Check KSV014Root file system is not read-onlyHIGHContainer 'kube-scheduler' of Pod 'kube-scheduler-kind-control-plane' should set 'securityContext.readOnlyRootFilesystem' to true +
+ https://avd.aquasec.com/misconfig/ksv014 +
+
Kubernetes Security Check KSV016Memory requests not specifiedLOWContainer 'kube-scheduler' of Pod 'kube-scheduler-kind-control-plane' should set 'resources.requests.memory' +
+ https://avd.aquasec.com/misconfig/ksv016 +
+
Kubernetes Security Check KSV018Memory not limitedLOWContainer 'kube-scheduler' of Pod 'kube-scheduler-kind-control-plane' should set 'resources.limits.memory' +
+ https://avd.aquasec.com/misconfig/ksv018 +
+
Kubernetes Security Check KSV020Runs with UID <= 10000LOWContainer 'kube-scheduler' of Pod 'kube-scheduler-kind-control-plane' should set 'securityContext.runAsUser' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv020 +
+
Kubernetes Security Check KSV021Runs with GID <= 10000LOWContainer 'kube-scheduler' of Pod 'kube-scheduler-kind-control-plane' should set 'securityContext.runAsGroup' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv021 +
+
Kubernetes Security Check KSV023hostPath volumes mountedMEDIUMPod 'kube-scheduler-kind-control-plane' should not set 'spec.template.volumes.hostPath' +
+ https://avd.aquasec.com/misconfig/ksv023 +
+
Kubernetes Security Check KSV104Seccomp policies disabledMEDIUMcontainer "kube-scheduler" of pod "kube-scheduler-kind-control-plane" in "kube-system" namespace should specify a seccomp profile +
+ https://avd.aquasec.com/misconfig/ksv104 +
+
Kubernetes Security Check KSV106Container capabilities must only include NET_BIND_SERVICELOWcontainer should drop all +
+ https://avd.aquasec.com/misconfig/ksv106 +
+
-
-

usr/local/bin/etcdctl-3.5.15

+ +
+
+ +
+ + +
+
+
+
- + + +
+

Role/system::leader-locking-kube-controller-manager

+
+
+
- - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + - - - - +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
github.com/golang-jwt/jwt/v4CVE-2024-51744LOWv4.4.24.5.1
stdlibCVE-2024-34156HIGHv1.21.121.22.7, 1.23.1
stdlibCVE-2024-34155MEDIUMv1.21.121.22.7, 1.23.1
stdlibCVE-2024-34158
Kubernetes Security Check KSV049Manage configmaps MEDIUMv1.21.121.22.7, 1.23.1Role 'system::leader-locking-kube-controller-manager' should not have access to resource 'configmaps' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv049 +
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

Role/system::leader-locking-kube-scheduler

+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + - +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
go.etcd.io/etcd/etcdctl/v3
stdlibv1.21.12
../api
../client/pkg
../client/v2
../client/v3
../etcdutl
../pkg
../raft
../server
github.com/beorn7/perksv1.0.1
github.com/bgentry/speakeasyv0.1.0
github.com/cespare/xxhash/v2v2.2.0
github.com/coreos/go-semverv0.3.0
github.com/coreos/go-systemd/v22v22.3.2
github.com/cpuguy83/go-md2man/v2v2.0.0
github.com/dustin/go-humanizev1.0.0
github.com/go-logr/logrv1.3.0
github.com/go-logr/stdrv1.2.2
github.com/gogo/protobufv1.3.2
github.com/golang-jwt/jwt/v4v4.4.2
github.com/golang/protobufv1.5.4
github.com/google/btreev1.0.1
github.com/jonboulle/clockworkv0.2.2
github.com/json-iterator/gov1.1.11
github.com/mattn/go-runewidthv0.0.9
github.com/matttproud/golang_protobuf_extensionsv1.0.1
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.1
github.com/olekukonko/tablewriterv0.0.5
github.com/prometheus/client_golangv1.11.1
github.com/prometheus/client_modelv0.2.0
github.com/prometheus/commonv0.26.0
github.com/prometheus/procfsv0.6.0
github.com/russross/blackfriday/v2v2.0.1
github.com/shurcooL/sanitized_anchor_namev1.0.0
github.com/spf13/cobrav1.1.3
github.com/spf13/pflagv1.0.5
github.com/urfave/cliv1.22.4
github.com/xiang90/probingv0.0.0-20190116061207-43a291ad63a2
go.etcd.io/bboltv1.3.10
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.46.0
go.opentelemetry.io/otelv1.20.0
go.opentelemetry.io/otel/metricv1.20.0
go.opentelemetry.io/otel/tracev1.20.0
go.uber.org/atomicv1.7.0
go.uber.org/multierrv1.6.0
go.uber.org/zapv1.17.0
golang.org/x/cryptov0.21.0
golang.org/x/netv0.23.0
golang.org/x/sysv0.18.0
golang.org/x/textv0.14.0
golang.org/x/timev0.0.0-20210220033141-f8bda1e9f3ba
google.golang.org/genproto/googleapis/apiv0.0.0-20230822172742-b8732ec3820d
google.golang.org/genproto/googleapis/rpcv0.0.0-20230822172742-b8732ec3820d
google.golang.org/grpcv1.59.0
google.golang.org/protobufv1.33.0
gopkg.in/cheggaaa/pb.v1v1.0.28
Kubernetes Security Check KSV049Manage configmapsMEDIUMRole 'system::leader-locking-kube-scheduler' should not have access to resource 'configmaps' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv049 +
+
-
-

usr/local/bin/migrate

+ +
+
+ +
+ + +
+
+
+
- + + +
+

Role/system:controller:bootstrap-signer

+
+
+
- - - - - - + - - - - - - - - - - - - - - - - - - - - - + + + + + + - - - - +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
stdlibCVE-2024-34156HIGHv1.21.121.22.7, 1.23.1
stdlibCVE-2024-34155MEDIUMv1.21.121.22.7, 1.23.1
stdlibCVE-2024-34158
Kubernetes Security Check KSV113Manage namespace secrets MEDIUMv1.21.121.22.7, 1.23.1Role 'system:controller:bootstrap-signer' shouldn't have access to manage secrets in namespace 'kube-system' +
+ https://avd.aquasec.com/misconfig/ksv113 +
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

Role/system:controller:cloud-provider

+
+
+
- - - - - - - - - - - - - + + + + + + + + - +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
stdlibv1.21.12
Kubernetes Security Check KSV049Manage configmapsMEDIUMRole 'system:controller:cloud-provider' should not have access to resource 'configmaps' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"] +
+ https://avd.aquasec.com/misconfig/ksv049 +
+
-
-

docker.io/kindest/local-path-provisioner:v20240813-c6f155d6 (debian 11.10)

+ +
+
+ +
+ + +
+
+
+
- + + +
+

Role/system:controller:token-cleaner

+
+
+
- - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
libc6CVE-2023-4806MEDIUM2.31-13+deb11u10
libc6CVE-2023-4813MEDIUM2.31-13+deb11u10
libc6CVE-2010-4756LOW2.31-13+deb11u10
libc6CVE-2018-20796LOW2.31-13+deb11u10
libc6CVE-2019-1010022LOW2.31-13+deb11u10
libc6CVE-2019-1010023LOW2.31-13+deb11u10
libc6CVE-2019-1010024LOW2.31-13+deb11u10
libc6CVE-2019-1010025LOW2.31-13+deb11u10
libc6CVE-2019-9192LOW2.31-13+deb11u10
libssl1.1CVE-2023-5678MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
libssl1.1CVE-2024-0727MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
libssl1.1CVE-2024-4741MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
libssl1.1CVE-2024-5535MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
libssl1.1CVE-2024-2511LOW1.1.1w-0+deb11u11.1.1w-0+deb11u2
libssl1.1CVE-2024-9143LOW1.1.1w-0+deb11u11.1.1w-0+deb11u2
opensslCVE-2023-5678MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
opensslCVE-2024-0727MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
opensslCVE-2024-4741MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
opensslCVE-2024-5535
Kubernetes Security Check KSV113Manage namespace secrets MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
opensslCVE-2024-2511LOW1.1.1w-0+deb11u11.1.1w-0+deb11u2Role 'system:controller:token-cleaner' shouldn't have access to manage secrets in namespace 'kube-system' +
+ https://avd.aquasec.com/misconfig/ksv113 +
opensslCVE-2024-9143LOW1.1.1w-0+deb11u11.1.1w-0+deb11u2
tzdataDLA-3972-1UNKNOWN2024a-0+deb11u12024b-0+deb11u1
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- +
+

Service/kube-dns

+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + - +
ID + Type Name - + Misconf ID + Version + Check SrcName - + Severity + SrcVersion - + + Message +
base-files@11.1+deb11u10base-files11.1+deb11u10base-files11.1+deb11u10
libc6@2.31-13+deb11u10libc62.31glibc2.31
libssl1.1@1.1.1w-0+deb11u1libssl1.11.1.1wopenssl1.1.1w
netbase@6.3netbase6.3netbase6.3
openssl@1.1.1w-0+deb11u1openssl1.1.1wopenssl1.1.1w
tzdata@2024a-0+deb11u1tzdata2024atzdata2024a
Kubernetes Security Check KSV037User Pods should not be placed in kube-system namespaceMEDIUMService 'kube-dns' should not be set with 'kube-system' namespace +
+ https://avd.aquasec.com/misconfig/ksv037 +
+
-
-

usr/local/bin/local-path-provisioner

+ +
+
+ +
+ + +
+
+
+
- + + +
+

Deployment/local-path-provisioner

+
+
+
- - - - - - + - - - - - - - - - + + + + + + + + + + + + + - - - + + + + + + + + + + + - - - - - - + + + + - - - - - - - - - - + + + + + - - - - - - - + + + + + - - - - - - - + + + + + - - - - - - - + + + + + - - - - - - - + + + + + - - - - - - - + + + + + - - - + + + + - - - - - - - - - - + + + + + - +
Package + Type Vulnerability ID - + Misconf ID + Severity + Check Installed Version - - - - Fixed Version - + Severity + Links + + Message
github.com/gogo/protobufCVE-2021-3121HIGHv1.3.11.3.2
Kubernetes Security Check KSV001Can elevate its own privilegesMEDIUMContainer 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'securityContext.allowPrivilegeEscalation' to false +
+ https://avd.aquasec.com/misconfig/ksv001 +
+
Kubernetes Security Check KSV003Default capabilities: some containers do not drop allLOWContainer 'local-path-provisioner' of Deployment 'local-path-provisioner' should add 'ALL' to 'securityContext.capabilities.drop' +
+ https://avd.aquasec.com/misconfig/ksv003 +
golang.org/x/cryptoCVE-2023-48795
Kubernetes Security Check KSV011CPU not limitedLOWContainer 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'resources.limits.cpu' +
+ https://avd.aquasec.com/misconfig/ksv011 +
+
Kubernetes Security Check KSV012Runs as root user MEDIUMv0.7.00.17.0Container 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'securityContext.runAsNonRoot' to true +
+ https://avd.aquasec.com/misconfig/ksv012 +
golang.org/x/netCVE-2023-39325
Kubernetes Security Check KSV014Root file system is not read-only HIGHv0.8.00.17.0Container 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'securityContext.readOnlyRootFilesystem' to true +
+ https://avd.aquasec.com/misconfig/ksv014 +
golang.org/x/netCVE-2023-3978MEDIUMv0.8.00.13.0
Kubernetes Security Check KSV015CPU requests not specifiedLOWContainer 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'resources.requests.cpu' +
+ https://avd.aquasec.com/misconfig/ksv015 +
golang.org/x/netCVE-2023-44487MEDIUMv0.8.00.17.0
Kubernetes Security Check KSV016Memory requests not specifiedLOWContainer 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'resources.requests.memory' +
+ https://avd.aquasec.com/misconfig/ksv016 +
golang.org/x/netCVE-2023-45288MEDIUMv0.8.00.23.0
Kubernetes Security Check KSV018Memory not limitedLOWContainer 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'resources.limits.memory' +
+ https://avd.aquasec.com/misconfig/ksv018 +
google.golang.org/protobufCVE-2024-24786MEDIUMv1.30.01.33.0
Kubernetes Security Check KSV020Runs with UID <= 10000LOWContainer 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'securityContext.runAsUser' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv020 +
k8s.io/client-goCVE-2020-8565MEDIUMv0.19.10.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16
Kubernetes Security Check KSV021Runs with GID <= 10000LOWContainer 'local-path-provisioner' of Deployment 'local-path-provisioner' should set 'securityContext.runAsGroup' > 10000 +
+ https://avd.aquasec.com/misconfig/ksv021 +
stdlibCVE-2024-34156HIGHv1.22.61.22.7, 1.23.1
Kubernetes Security Check KSV030Runtime/Default Seccomp profile not setLOWEither Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault' +
+ https://avd.aquasec.com/misconfig/ksv030 +
stdlibCVE-2024-34155
Kubernetes Security Check KSV104Seccomp policies disabled MEDIUMv1.22.61.22.7, 1.23.1container "local-path-provisioner" of deployment "local-path-provisioner" in "local-path-storage" namespace should specify a seccomp profile +
+ https://avd.aquasec.com/misconfig/ksv104 +
stdlibCVE-2024-34158MEDIUMv1.22.61.22.7, 1.23.1
Kubernetes Security Check KSV106Container capabilities must only include NET_BIND_SERVICELOWcontainer should drop all +
+ https://avd.aquasec.com/misconfig/ksv106 +
-
-

Packages

+ +
+
+ +
+ + +
+
+
+
+
- - - - - - - - +
+

registry.k8s.io/coredns/coredns:v1.11.3 (debian 11.10)

+
+
ID - - - - Name - - - - Version - - - - SrcName - - - - SrcVersion - - - -
+ + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
tzdataDLA-3972-1UNKNOWN2024a-0+deb11u12024b-0+deb11u1
+
+

Packages

+
- - - - - - github.com/rancher/local-path-provisioner - v0.0.24 - - - - - - stdlib - v1.22.6 - - - - - - github.com/Sirupsen/logrus - v0.11.0 - - - - - - github.com/beorn7/perks - v1.0.1 - - - - - - github.com/cespare/xxhash/v2 - v2.1.2 - - - - - - github.com/davecgh/go-spew - v1.1.1 - - - - - - github.com/go-logr/logr - v0.2.0 - - - - - - github.com/gogo/protobuf - v1.3.1 - - - - - - github.com/golang/groupcache - v0.0.0-20200121045136-8c9f03a8e57e - - - - - - github.com/golang/protobuf - v1.5.3 - - - - - - github.com/google/go-cmp - v0.5.8 - - - - - - github.com/google/gofuzz - v1.1.0 - - - - - - github.com/google/uuid - v1.1.1 - - - - - - github.com/googleapis/gnostic - v0.4.1 - - - - - - github.com/hashicorp/golang-lru - v0.5.1 - - - - - - github.com/imdario/mergo - v0.3.5 - - - - - - github.com/json-iterator/go - v1.1.12 - - - - - - github.com/matttproud/golang_protobuf_extensions - v1.0.1 - - - - - - github.com/miekg/dns - v1.1.29 - - - - - - github.com/modern-go/concurrent - v0.0.0-20180306012644-bacd9c7ef1dd - - - - - - github.com/modern-go/reflect2 - v1.0.2 - - - - - - github.com/pkg/errors - v0.9.1 - - - - - - github.com/prometheus/client_golang - v1.11.1 - - - - - - github.com/prometheus/client_model - v0.3.0 - - - - - - github.com/prometheus/common - v0.32.1 - - - - - - github.com/prometheus/procfs - v0.8.0 - - - - - - github.com/spf13/pflag - v1.0.5 - - - - - - github.com/urfave/cli - v1.19.1 - - - - - - golang.org/x/crypto - v0.7.0 - - - - - - golang.org/x/net - v0.8.0 - - - - - - golang.org/x/oauth2 - v0.6.0 - - - - - - golang.org/x/sys - v0.6.0 - - - - - - golang.org/x/term - v0.6.0 - - - - - - golang.org/x/text - v0.8.0 - - - - - - golang.org/x/time - v0.3.0 - - - - - - google.golang.org/protobuf - v1.30.0 - - - - - - gopkg.in/inf.v0 - v0.9.1 - - - - - - gopkg.in/yaml.v2 - v2.4.0 - - - - - - k8s.io/api - v0.19.1 - - - - - - k8s.io/apimachinery - v0.19.1 - - - - - - k8s.io/client-go - v0.19.1 - - - - - - k8s.io/klog/v2 - v2.3.0 - - - - - - 
k8s.io/kube-openapi - v0.0.0-20200805222855-6aeccd4b50c6 - - - - - - k8s.io/utils - v0.0.0-20200729134348-d5654de09c73 - - - - - - sigs.k8s.io/sig-storage-lib-external-provisioner/v8 - v8.0.0 - - - - - - sigs.k8s.io/structured-merge-diff/v4 - v4.0.1 - - - - - - sigs.k8s.io/yaml - v1.2.0 - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
base-files@11.1+deb11u10base-files11.1+deb11u10base-files11.1+deb11u10
netbase@6.3netbase6.3netbase6.3
tzdata@2024a-0+deb11u1tzdata2024atzdata2024a
-
+ + +
+

coredns

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
github.com/golang-jwt/jwt/v4CVE-2024-51744LOWv4.5.04.5.1
github.com/quic-go/quic-goCVE-2024-53259MEDIUMv0.44.00.48.2
stdlibCVE-2024-34156HIGHv1.21.111.22.7, 1.23.1
stdlibCVE-2024-24791MEDIUMv1.21.111.21.12, 1.22.5
stdlibCVE-2024-34155MEDIUMv1.21.111.22.7, 1.23.1
stdlibCVE-2024-34158MEDIUMv1.21.111.22.7, 1.23.1
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
github.com/coredns/coredns
stdlibv1.21.11
cloud.google.com/go/compute/metadatav0.2.3
github.com/Azure/azure-sdk-for-gov68.0.0+incompatible
github.com/Azure/go-autorest/autorestv0.11.29
github.com/Azure/go-autorest/autorest/adalv0.9.22
github.com/Azure/go-autorest/autorest/azure/authv0.5.13
github.com/Azure/go-autorest/autorest/azure/cliv0.4.6
github.com/Azure/go-autorest/autorest/datev0.3.0
github.com/Azure/go-autorest/autorest/tov0.2.0
github.com/Azure/go-autorest/loggerv0.2.1
github.com/Azure/go-autorest/tracingv0.6.0
github.com/DataDog/appsec-internal-gov1.5.0
github.com/DataDog/datadog-agent/pkg/obfuscatev0.48.0
github.com/DataDog/datadog-agent/pkg/remoteconfig/statev0.48.1
github.com/DataDog/datadog-go/v5v5.3.0
github.com/DataDog/go-libddwaf/v2v2.4.2
github.com/DataDog/go-tufv1.0.2-0.5.2
github.com/DataDog/sketches-gov1.4.2
github.com/antonmedv/exprv1.15.5
github.com/apparentlymart/go-cidrv1.1.0
github.com/aws/aws-sdk-gov1.54.11
github.com/beorn7/perksv1.0.1
github.com/cespare/xxhash/v2v2.2.0
github.com/coredns/caddyv1.1.1
github.com/coreos/go-semverv0.3.0
github.com/coreos/go-systemd/v22v22.3.2
github.com/davecgh/go-spewv1.1.2-0.20180830191138-d8f796af33cc
github.com/dimchansky/utfbomv1.1.1
github.com/dnstap/golang-dnstapv0.4.0
github.com/dustin/go-humanizev1.0.1
github.com/emicklei/go-restful/v3v3.11.0
github.com/farsightsec/golang-framestreamv0.3.0
github.com/felixge/httpsnoopv1.0.4
github.com/flynn/go-shlexv0.0.0-20150515145356-3f9db97f8568
github.com/go-logr/logrv1.4.1
github.com/go-logr/stdrv1.2.2
github.com/go-openapi/jsonpointerv0.19.6
github.com/go-openapi/jsonreferencev0.20.2
github.com/go-openapi/swagv0.22.3
github.com/gogo/protobufv1.3.2
github.com/golang-jwt/jwt/v4v4.5.0
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/gnostic-modelsv0.6.8
github.com/google/go-cmpv0.6.0
github.com/google/gofuzzv1.2.0
github.com/google/s2a-gov0.1.7
github.com/google/uuidv1.6.0
github.com/googleapis/enterprise-certificate-proxyv0.3.2
github.com/googleapis/gax-go/v2v2.12.3
github.com/grpc-ecosystem/grpc-opentracingv0.0.0-20180507213350-8e809c8a8645
github.com/hashicorp/errwrapv1.1.0
github.com/hashicorp/go-multierrorv1.1.1
github.com/imdario/mergov0.3.12
github.com/infobloxopen/go-treesv0.0.0-20200715205103-96a057b8dfb9
github.com/jmespath/go-jmespathv0.4.0
github.com/josharian/internv1.0.0
github.com/json-iterator/gov1.1.12
github.com/mailru/easyjsonv0.7.7
github.com/matttproud/golang_protobuf_extensionsv1.0.4
github.com/miekg/dnsv1.1.59
github.com/mitchellh/go-homedirv1.1.0
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.2
github.com/munnerz/goautonegv0.0.0-20191010083416-a7dc8b61c822
github.com/opentracing-contrib/go-observerv0.0.0-20170622124052-a52f23424492
github.com/opentracing/opentracing-gov1.2.0
github.com/openzipkin-contrib/zipkin-go-opentracingv0.5.0
github.com/openzipkin/zipkin-gov0.4.3
github.com/oschwald/geoip2-golangv1.9.0
github.com/oschwald/maxminddb-golangv1.11.0
github.com/outcaste-io/ristrettov0.2.3
github.com/philhofer/fwdv1.1.2
github.com/pkg/errorsv0.9.1
github.com/prometheus/client_golangv1.19.1
github.com/prometheus/client_modelv0.6.1
github.com/prometheus/commonv0.53.0
github.com/prometheus/procfsv0.12.0
github.com/quic-go/quic-gov0.44.0
github.com/secure-systems-lab/go-securesystemslibv0.7.0
github.com/spf13/pflagv1.0.5
github.com/tinylib/msgpv1.1.8
go.etcd.io/etcd/api/v3v3.5.13
go.etcd.io/etcd/client/pkg/v3v3.5.13
go.etcd.io/etcd/client/v3v3.5.13
go.opencensus.iov0.24.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttpv0.49.0
go.opentelemetry.io/otelv1.24.0
go.opentelemetry.io/otel/metricv1.24.0
go.opentelemetry.io/otel/tracev1.24.0
go.uber.org/atomicv1.11.0
go.uber.org/multierrv1.6.0
go.uber.org/zapv1.17.0
golang.org/x/cryptov0.23.0
golang.org/x/expv0.0.0-20240506185415-9bf2ced13842
golang.org/x/netv0.25.0
golang.org/x/oauth2v0.18.0
golang.org/x/sysv0.20.0
golang.org/x/termv0.20.0
golang.org/x/textv0.15.0
golang.org/x/timev0.5.0
golang.org/x/xerrorsv0.0.0-20220907171357-04be3eba64a2
google.golang.org/apiv0.172.0
google.golang.org/genproto/googleapis/apiv0.0.0-20240311132316-a219d84964c2
google.golang.org/genproto/googleapis/rpcv0.0.0-20240415180920-8c6c420018be
google.golang.org/grpcv1.63.2
google.golang.org/protobufv1.33.0
gopkg.in/DataDog/dd-trace-go.v1v1.64.0
gopkg.in/inf.v0v0.9.1
gopkg.in/yaml.v2v2.4.0
gopkg.in/yaml.v3v3.0.1
k8s.io/apiv0.29.3
k8s.io/apimachineryv0.29.3
k8s.io/client-gov0.29.3
k8s.io/klog/v2v2.120.1
k8s.io/kube-openapiv0.0.0-20231010175941-2dd684a91f00
k8s.io/utilsv0.0.0-20230726121419-3b25d923346b
sigs.k8s.io/jsonv0.0.0-20221116044647-bc3834ca7abd
sigs.k8s.io/structured-merge-diff/v4v4.4.1
sigs.k8s.io/yamlv1.3.0
+ +
+

usr/local/bin/kube-scheduler

+
+ + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
github.com/opencontainers/runcCVE-2024-45310MEDIUMv1.1.131.1.14, 1.2.0-rc.3
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
k8s.io/kubernetes
stdlibv1.22.8
github.com/NYTimes/gziphandlerv1.1.1
github.com/antlr4-go/antlr/v4v4.13.0
github.com/asaskevich/govalidatorv0.0.0-20190424111038-f61b66f89f4a
github.com/beorn7/perksv1.0.1
github.com/blang/semver/v4v4.0.0
github.com/cenkalti/backoff/v4v4.3.0
github.com/cespare/xxhash/v2v2.3.0
github.com/coreos/go-semverv0.3.1
github.com/coreos/go-systemd/v22v22.5.0
github.com/davecgh/go-spewv1.1.2-0.20180830191138-d8f796af33cc
github.com/distribution/referencev0.5.0
github.com/emicklei/go-restful/v3v3.11.0
github.com/felixge/httpsnoopv1.0.4
github.com/fsnotify/fsnotifyv1.7.0
github.com/fxamacker/cbor/v2v2.7.0
github.com/go-logr/logrv1.4.2
github.com/go-logr/stdrv1.2.2
github.com/go-logr/zaprv1.3.0
github.com/go-openapi/jsonpointerv0.19.6
github.com/go-openapi/jsonreferencev0.20.2
github.com/go-openapi/swagv0.22.4
github.com/gogo/protobufv1.3.2
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/cel-gov0.20.1
github.com/google/gnostic-modelsv0.6.8
github.com/google/go-cmpv0.6.0
github.com/google/gofuzzv1.2.0
github.com/google/uuidv1.6.0
github.com/grpc-ecosystem/go-grpc-prometheusv1.2.0
github.com/grpc-ecosystem/grpc-gateway/v2v2.20.0
github.com/imdario/mergov0.3.6
github.com/josharian/internv1.0.0
github.com/json-iterator/gov1.1.12
github.com/mailru/easyjsonv0.7.7
github.com/moby/sys/mountinfov0.7.1
github.com/moby/termv0.5.0
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.2
github.com/munnerz/goautonegv0.0.0-20191010083416-a7dc8b61c822
github.com/opencontainers/go-digestv1.0.0
github.com/opencontainers/runcv1.1.13
github.com/opencontainers/selinuxv1.11.0
github.com/pkg/errorsv0.9.1
github.com/prometheus/client_golangv1.19.1
github.com/prometheus/client_modelv0.6.1
github.com/prometheus/commonv0.55.0
github.com/prometheus/procfsv0.15.1
github.com/spf13/cobrav1.8.1
github.com/spf13/pflagv1.0.5
github.com/stoewer/go-strcasev1.2.0
github.com/x448/float16v0.8.4
go.etcd.io/etcd/api/v3v3.5.14
go.etcd.io/etcd/client/pkg/v3v3.5.14
go.etcd.io/etcd/client/v3v3.5.14
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.53.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttpv0.53.0
go.opentelemetry.io/otelv1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptracev1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpcv1.27.0
go.opentelemetry.io/otel/metricv1.28.0
go.opentelemetry.io/otel/sdkv1.28.0
go.opentelemetry.io/otel/tracev1.28.0
go.opentelemetry.io/proto/otlpv1.3.1
go.uber.org/multierrv1.11.0
go.uber.org/zapv1.26.0
golang.org/x/cryptov0.24.0
golang.org/x/expv0.0.0-20230515195305-f3d0a9c9a5cc
golang.org/x/netv0.26.0
golang.org/x/oauth2v0.21.0
golang.org/x/syncv0.7.0
golang.org/x/sysv0.21.0
golang.org/x/termv0.21.0
golang.org/x/textv0.16.0
golang.org/x/timev0.3.0
google.golang.org/genproto/googleapis/apiv0.0.0-20240528184218-531527333157
google.golang.org/genproto/googleapis/rpcv0.0.0-20240701130421-f6361c86f094
google.golang.org/grpcv1.65.0
google.golang.org/protobufv1.34.2
gopkg.in/evanphx/json-patch.v4v4.12.0
gopkg.in/inf.v0v0.9.1
gopkg.in/natefinch/lumberjack.v2v2.2.1
gopkg.in/yaml.v2v2.4.0
gopkg.in/yaml.v3v3.0.1
k8s.io/api
k8s.io/apiextensions-apiserver
k8s.io/apimachinery
k8s.io/apiserver
k8s.io/client-go
k8s.io/cloud-provider
k8s.io/component-base
k8s.io/component-helpers
k8s.io/controller-manager
k8s.io/csi-translation-lib
k8s.io/dynamic-resource-allocation
k8s.io/klog/v2v2.130.1
k8s.io/kms
k8s.io/kube-openapiv0.0.0-20240228011516-70dd3763d340
k8s.io/kube-scheduler
k8s.io/kubelet
k8s.io/mount-utils
k8s.io/utilsv0.0.0-20240711033017-18e509b52bc8
sigs.k8s.io/apiserver-network-proxy/konnectivity-clientv0.30.3
sigs.k8s.io/jsonv0.0.0-20221116044647-bc3834ca7abd
sigs.k8s.io/structured-merge-diff/v4v4.4.1
sigs.k8s.io/yamlv1.4.0
+ +
+

docker.io/kindest/kindnetd:v20241023-a345ebe4 (debian 12.5)

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
coreutilsCVE-2016-2781LOW9.1-1
coreutilsCVE-2017-18018LOW9.1-1
iptablesCVE-2012-2663LOW1.8.9-2
libc6CVE-2010-4756LOW2.36-9+deb12u7
libc6CVE-2018-20796LOW2.36-9+deb12u7
libc6CVE-2019-1010022LOW2.36-9+deb12u7
libc6CVE-2019-1010023LOW2.36-9+deb12u7
libc6CVE-2019-1010024LOW2.36-9+deb12u7
libc6CVE-2019-1010025LOW2.36-9+deb12u7
libc6CVE-2019-9192LOW2.36-9+deb12u7
libip4tc2CVE-2012-2663LOW1.8.9-2
libip6tc2CVE-2012-2663LOW1.8.9-2
libjansson4CVE-2020-36325LOW2.14-2
libssl3CVE-2023-5678MEDIUM3.0.11-1~deb12u23.0.13-1~deb12u1
libssl3CVE-2023-6129MEDIUM3.0.11-1~deb12u23.0.13-1~deb12u1
libssl3CVE-2023-6237MEDIUM3.0.11-1~deb12u23.0.13-1~deb12u1
libssl3CVE-2024-0727MEDIUM3.0.11-1~deb12u23.0.13-1~deb12u1
libssl3CVE-2024-4603MEDIUM3.0.11-1~deb12u23.0.14-1~deb12u1
libssl3CVE-2024-4741MEDIUM3.0.11-1~deb12u23.0.14-1~deb12u1
libssl3CVE-2024-5535MEDIUM3.0.11-1~deb12u23.0.15-1~deb12u1
libssl3CVE-2024-6119MEDIUM3.0.11-1~deb12u23.0.14-1~deb12u2
libssl3CVE-2024-2511LOW3.0.11-1~deb12u23.0.14-1~deb12u1
libssl3CVE-2024-9143LOW3.0.11-1~deb12u23.0.15-1~deb12u1
libxtables12CVE-2012-2663LOW1.8.9-2
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
base-files@12.4+deb12u5base-files12.4+deb12u5base-files12.4+deb12u5
conntrack@1:1.4.7-1+b2conntrack1.4.7conntrack-tools1.4.7
coreutils@9.1-1coreutils9.1coreutils9.1
ebtables@2.0.11-5ebtables2.0.11ebtables2.0.11
ipset@7.17-1ipset7.17ipset7.17
iptables@1.8.9-2iptables1.8.9iptables1.8.9
kmod@30+20221128-1kmod30+20221128kmod30+20221128
libbsd0@0.11.7-2libbsd00.11.7libbsd0.11.7
libc6@2.36-9+deb12u7libc62.36glibc2.36
libedit2@3.1-20221030-2libedit23.1-20221030libedit3.1-20221030
libgmp10@2:6.2.1+dfsg1-1.1libgmp106.2.1+dfsg1gmp6.2.1+dfsg1
libip4tc2@1.8.9-2libip4tc21.8.9iptables1.8.9
libip6tc2@1.8.9-2libip6tc21.8.9iptables1.8.9
libipset13@7.17-1libipset137.17ipset7.17
libjansson4@2.14-2libjansson42.14jansson2.14
libkmod2@30+20221128-1libkmod230+20221128kmod30+20221128
libmd0@1.0.4-2libmd01.0.4libmd1.0.4
libmnl0@1.0.4-3libmnl01.0.4libmnl1.0.4
libnetfilter-conntrack3@1.0.9-3libnetfilter-conntrack31.0.9libnetfilter-conntrack1.0.9
libnfnetlink0@1.0.2-2libnfnetlink01.0.2libnfnetlink1.0.2
libnftables1@1.0.6-2+deb12u2libnftables11.0.6nftables1.0.6
libnftnl11@1.2.4-2libnftnl111.2.4libnftnl1.2.4
libpcre2-8-0@10.42-1libpcre2-8-010.42pcre210.42
libssl3@3.0.11-1~deb12u2libssl33.0.11openssl3.0.11
libxtables12@1.8.9-2libxtables121.8.9iptables1.8.9
libzstd1@1.5.4+dfsg2-5libzstd11.5.4+dfsg2libzstd1.5.4+dfsg2
netbase@6.4netbase6.4netbase6.4
nftables@1.0.6-2+deb12u2nftables1.0.6nftables1.0.6
tzdata@2024a-0+deb12u1tzdata2024atzdata2024a
+ +
+

bin/kindnetd

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
stdlibCVE-2024-34156HIGHv1.22.61.22.7, 1.23.1
stdlibCVE-2024-34155MEDIUMv1.22.61.22.7, 1.23.1
stdlibCVE-2024-34158MEDIUMv1.22.61.22.7, 1.23.1
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
sigs.k8s.io/kind/images/kindnetd
stdlibv1.22.6
github.com/beorn7/perksv1.0.1
github.com/cespare/xxhash/v2v2.3.0
github.com/coreos/go-iptablesv0.8.0
github.com/davecgh/go-spewv1.1.2-0.20180830191138-d8f796af33cc
github.com/emicklei/go-restful/v3v3.12.1
github.com/florianl/go-nfqueuev1.3.2
github.com/fxamacker/cbor/v2v2.7.0
github.com/go-logr/logrv1.4.2
github.com/go-openapi/jsonpointerv0.21.0
github.com/go-openapi/jsonreferencev0.21.0
github.com/go-openapi/swagv0.23.0
github.com/gogo/protobufv1.3.2
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/gnostic-modelsv0.6.8
github.com/google/go-cmpv0.6.0
github.com/google/gofuzzv1.2.0
github.com/google/uuidv1.6.0
github.com/josharian/internv1.0.0
github.com/josharian/nativev1.1.0
github.com/json-iterator/gov1.1.12
github.com/mailru/easyjsonv0.7.7
github.com/mdlayher/netlinkv1.7.2
github.com/mdlayher/socketv0.5.1
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.2
github.com/munnerz/goautonegv0.0.0-20191010083416-a7dc8b61c822
github.com/prometheus/client_golangv1.20.5
github.com/prometheus/client_modelv0.6.1
github.com/prometheus/commonv0.60.0
github.com/prometheus/procfsv0.15.1
github.com/vishvananda/netlinkv1.3.0
github.com/vishvananda/netnsv0.0.4
github.com/x448/float16v0.8.4
golang.org/x/netv0.30.0
golang.org/x/oauth2v0.23.0
golang.org/x/syncv0.8.0
golang.org/x/sysv0.26.0
golang.org/x/termv0.25.0
golang.org/x/textv0.19.0
golang.org/x/timev0.7.0
google.golang.org/protobufv1.35.1
gopkg.in/inf.v0v0.9.1
gopkg.in/yaml.v2v2.4.0
gopkg.in/yaml.v3v3.0.1
k8s.io/apiv0.31.1
k8s.io/apimachineryv0.31.1
k8s.io/client-gov0.31.1
k8s.io/klog/v2v2.130.1
k8s.io/kube-openapiv0.0.0-20240903163716-9e1beecbcb38
k8s.io/utilsv0.0.0-20240921022957-49e7df575cb6
sigs.k8s.io/jsonv0.0.0-20221116044647-bc3834ca7abd
sigs.k8s.io/knftablesv0.0.17
sigs.k8s.io/kube-network-policiesv0.6.1-0.20241023163654-4320aa92e3f0
sigs.k8s.io/network-policy-apiv0.1.5
sigs.k8s.io/structured-merge-diff/v4v4.4.1
sigs.k8s.io/yamlv1.4.0
+ +
+

go-runner

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
stdlibCVE-2024-34156HIGHv1.22.41.22.7, 1.23.1
stdlibCVE-2024-24791MEDIUMv1.22.41.21.12, 1.22.5
stdlibCVE-2024-34155MEDIUMv1.22.41.22.7, 1.23.1
stdlibCVE-2024-34158MEDIUMv1.22.41.22.7, 1.23.1
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
k8s.io/release/images/build/go-runner
stdlibv1.22.4
+ +
+

registry.k8s.io/kube-proxy:v1.31.2 (debian 12.7)

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
coreutilsCVE-2016-2781LOW9.1-1
coreutilsCVE-2017-18018LOW9.1-1
iptablesCVE-2012-2663LOW1.8.9-2
libc6CVE-2010-4756LOW2.36-9+deb12u8
libc6CVE-2018-20796LOW2.36-9+deb12u8
libc6CVE-2019-1010022LOW2.36-9+deb12u8
libc6CVE-2019-1010023LOW2.36-9+deb12u8
libc6CVE-2019-1010024LOW2.36-9+deb12u8
libc6CVE-2019-1010025LOW2.36-9+deb12u8
libc6CVE-2019-9192LOW2.36-9+deb12u8
libip4tc2CVE-2012-2663LOW1.8.9-2
libip6tc2CVE-2012-2663LOW1.8.9-2
libjansson4CVE-2020-36325LOW2.14-2
libssl3CVE-2024-5535MEDIUM3.0.14-1~deb12u23.0.15-1~deb12u1
libssl3CVE-2024-9143LOW3.0.14-1~deb12u23.0.15-1~deb12u1
libxtables12CVE-2012-2663LOW1.8.9-2
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
base-files@12.4+deb12u7base-files12.4+deb12u7base-files12.4+deb12u7
conntrack@1:1.4.7-1+b2conntrack1.4.7conntrack-tools1.4.7
coreutils@9.1-1coreutils9.1coreutils9.1
ebtables@2.0.11-5ebtables2.0.11ebtables2.0.11
ipset@7.17-1ipset7.17ipset7.17
iptables@1.8.9-2iptables1.8.9iptables1.8.9
kmod@30+20221128-1kmod30+20221128kmod30+20221128
libbsd0@0.11.7-2libbsd00.11.7libbsd0.11.7
libc6@2.36-9+deb12u8libc62.36glibc2.36
libedit2@3.1-20221030-2libedit23.1-20221030libedit3.1-20221030
libgmp10@2:6.2.1+dfsg1-1.1libgmp106.2.1+dfsg1gmp6.2.1+dfsg1
libip4tc2@1.8.9-2libip4tc21.8.9iptables1.8.9
libip6tc2@1.8.9-2libip6tc21.8.9iptables1.8.9
libipset13@7.17-1libipset137.17ipset7.17
libjansson4@2.14-2libjansson42.14jansson2.14
libkmod2@30+20221128-1libkmod230+20221128kmod30+20221128
libmd0@1.0.4-2libmd01.0.4libmd1.0.4
libmnl0@1.0.4-3libmnl01.0.4libmnl1.0.4
libnetfilter-conntrack3@1.0.9-3libnetfilter-conntrack31.0.9libnetfilter-conntrack1.0.9
libnfnetlink0@1.0.2-2libnfnetlink01.0.2libnfnetlink1.0.2
libnftables1@1.0.6-2+deb12u2libnftables11.0.6nftables1.0.6
libnftnl11@1.2.4-2libnftnl111.2.4libnftnl1.2.4
libpcre2-8-0@10.42-1libpcre2-8-010.42pcre210.42
libssl3@3.0.14-1~deb12u2libssl33.0.14openssl3.0.14
libxtables12@1.8.9-2libxtables121.8.9iptables1.8.9
libzstd1@1.5.4+dfsg2-5libzstd11.5.4+dfsg2libzstd1.5.4+dfsg2
netbase@6.4netbase6.4netbase6.4
nftables@1.0.6-2+deb12u2nftables1.0.6nftables1.0.6
tzdata@2024a-0+deb12u1tzdata2024atzdata2024a
+ +
+

usr/local/bin/kube-proxy

+
+ + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
github.com/opencontainers/runcCVE-2024-45310MEDIUMv1.1.131.1.14, 1.2.0-rc.3
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
k8s.io/kubernetes
stdlibv1.22.8
github.com/NYTimes/gziphandlerv1.1.1
github.com/antlr4-go/antlr/v4v4.13.0
github.com/asaskevich/govalidatorv0.0.0-20190424111038-f61b66f89f4a
github.com/beorn7/perksv1.0.1
github.com/blang/semver/v4v4.0.0
github.com/cenkalti/backoff/v4v4.3.0
github.com/cespare/xxhash/v2v2.3.0
github.com/coreos/go-semverv0.3.1
github.com/coreos/go-systemd/v22v22.5.0
github.com/cyphar/filepath-securejoinv0.2.4
github.com/davecgh/go-spewv1.1.2-0.20180830191138-d8f796af33cc
github.com/distribution/referencev0.5.0
github.com/emicklei/go-restful/v3v3.11.0
github.com/felixge/httpsnoopv1.0.4
github.com/fsnotify/fsnotifyv1.7.0
github.com/fxamacker/cbor/v2v2.7.0
github.com/go-logr/logrv1.4.2
github.com/go-logr/stdrv1.2.2
github.com/go-logr/zaprv1.3.0
github.com/go-openapi/jsonpointerv0.19.6
github.com/go-openapi/jsonreferencev0.20.2
github.com/go-openapi/swagv0.22.4
github.com/godbus/dbus/v5v5.1.0
github.com/gogo/protobufv1.3.2
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/cadvisorv0.49.0
github.com/google/cel-gov0.20.1
github.com/google/gnostic-modelsv0.6.8
github.com/google/go-cmpv0.6.0
github.com/google/gofuzzv1.2.0
github.com/google/uuidv1.6.0
github.com/grpc-ecosystem/go-grpc-prometheusv1.2.0
github.com/grpc-ecosystem/grpc-gateway/v2v2.20.0
github.com/imdario/mergov0.3.6
github.com/josharian/internv1.0.0
github.com/json-iterator/gov1.1.12
github.com/lithammer/dedentv1.1.0
github.com/mailru/easyjsonv0.7.7
github.com/mistifyio/go-zfsv2.1.2-0.20190413222219-f784269be439+incompatible
github.com/moby/ipvsv1.1.0
github.com/moby/sys/mountinfov0.7.1
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.2
github.com/munnerz/goautonegv0.0.0-20191010083416-a7dc8b61c822
github.com/opencontainers/go-digestv1.0.0
github.com/opencontainers/runcv1.1.13
github.com/opencontainers/runtime-specv1.0.3-0.20220909204839-494a5a6aca78
github.com/pkg/errorsv0.9.1
github.com/prometheus/client_golangv1.19.1
github.com/prometheus/client_modelv0.6.1
github.com/prometheus/commonv0.55.0
github.com/prometheus/procfsv0.15.1
github.com/sirupsen/logrusv1.9.3
github.com/spf13/cobrav1.8.1
github.com/spf13/pflagv1.0.5
github.com/stoewer/go-strcasev1.2.0
github.com/vishvananda/netlinkv1.1.0
github.com/vishvananda/netnsv0.0.4
github.com/x448/float16v0.8.4
go.etcd.io/etcd/api/v3v3.5.14
go.etcd.io/etcd/client/pkg/v3v3.5.14
go.etcd.io/etcd/client/v3v3.5.14
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.53.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttpv0.53.0
go.opentelemetry.io/otelv1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptracev1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpcv1.27.0
go.opentelemetry.io/otel/metricv1.28.0
go.opentelemetry.io/otel/sdkv1.28.0
go.opentelemetry.io/otel/tracev1.28.0
go.opentelemetry.io/proto/otlpv1.3.1
go.uber.org/multierrv1.11.0
go.uber.org/zapv1.26.0
golang.org/x/cryptov0.24.0
golang.org/x/expv0.0.0-20230515195305-f3d0a9c9a5cc
golang.org/x/netv0.26.0
golang.org/x/oauth2v0.21.0
golang.org/x/syncv0.7.0
golang.org/x/sysv0.21.0
golang.org/x/termv0.21.0
golang.org/x/textv0.16.0
golang.org/x/timev0.3.0
google.golang.org/genproto/googleapis/apiv0.0.0-20240528184218-531527333157
google.golang.org/genproto/googleapis/rpcv0.0.0-20240701130421-f6361c86f094
google.golang.org/grpcv1.65.0
google.golang.org/protobufv1.34.2
gopkg.in/evanphx/json-patch.v4v4.12.0
gopkg.in/inf.v0v0.9.1
gopkg.in/natefinch/lumberjack.v2v2.2.1
gopkg.in/yaml.v2v2.4.0
gopkg.in/yaml.v3v3.0.1
k8s.io/api
k8s.io/apiextensions-apiserver
k8s.io/apimachinery
k8s.io/apiserver
k8s.io/client-go
k8s.io/cloud-provider
k8s.io/component-base
k8s.io/component-helpers
k8s.io/controller-manager
k8s.io/cri-api
k8s.io/cri-client
k8s.io/klog/v2v2.130.1
k8s.io/kms
k8s.io/kube-openapiv0.0.0-20240228011516-70dd3763d340
k8s.io/kube-proxy
k8s.io/kubelet
k8s.io/mount-utils
k8s.io/utilsv0.0.0-20240711033017-18e509b52bc8
sigs.k8s.io/apiserver-network-proxy/konnectivity-clientv0.30.3
sigs.k8s.io/jsonv0.0.0-20221116044647-bc3834ca7abd
sigs.k8s.io/knftablesv0.0.17
sigs.k8s.io/structured-merge-diff/v4v4.4.1
sigs.k8s.io/yamlv1.4.0
+ +
+

usr/local/bin/kube-apiserver

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
github.com/opencontainers/runcCVE-2024-45310MEDIUMv1.1.131.1.14, 1.2.0-rc.3
gopkg.in/square/go-jose.v2CVE-2024-28180MEDIUMv2.6.0
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
k8s.io/kubernetes
stdlibv1.22.8
github.com/NYTimes/gziphandlerv1.1.1
github.com/antlr4-go/antlr/v4v4.13.0
github.com/asaskevich/govalidatorv0.0.0-20190424111038-f61b66f89f4a
github.com/beorn7/perksv1.0.1
github.com/blang/semver/v4v4.0.0
github.com/cenkalti/backoff/v4v4.3.0
github.com/cespare/xxhash/v2v2.3.0
github.com/coreos/go-oidcv2.2.1+incompatible
github.com/coreos/go-semverv0.3.1
github.com/coreos/go-systemd/v22v22.5.0
github.com/davecgh/go-spewv1.1.2-0.20180830191138-d8f796af33cc
github.com/distribution/referencev0.5.0
github.com/emicklei/go-restful/v3v3.11.0
github.com/felixge/httpsnoopv1.0.4
github.com/fsnotify/fsnotifyv1.7.0
github.com/fxamacker/cbor/v2v2.7.0
github.com/go-logr/logrv1.4.2
github.com/go-logr/stdrv1.2.2
github.com/go-logr/zaprv1.3.0
github.com/go-openapi/jsonpointerv0.19.6
github.com/go-openapi/jsonreferencev0.20.2
github.com/go-openapi/swagv0.22.4
github.com/gogo/protobufv1.3.2
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/cel-gov0.20.1
github.com/google/gnostic-modelsv0.6.8
github.com/google/go-cmpv0.6.0
github.com/google/gofuzzv1.2.0
github.com/google/uuidv1.6.0
github.com/gorilla/websocketv1.5.0
github.com/grpc-ecosystem/go-grpc-prometheusv1.2.0
github.com/grpc-ecosystem/grpc-gateway/v2v2.20.0
github.com/imdario/mergov0.3.6
github.com/josharian/internv1.0.0
github.com/json-iterator/gov1.1.12
github.com/mailru/easyjsonv0.7.7
github.com/moby/spdystreamv0.4.0
github.com/moby/sys/mountinfov0.7.1
github.com/moby/termv0.5.0
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.2
github.com/munnerz/goautonegv0.0.0-20191010083416-a7dc8b61c822
github.com/mxk/go-flowratev0.0.0-20140419014527-cca7078d478f
github.com/opencontainers/go-digestv1.0.0
github.com/opencontainers/runcv1.1.13
github.com/opencontainers/selinuxv1.11.0
github.com/pkg/errorsv0.9.1
github.com/pquerna/cachecontrolv0.1.0
github.com/prometheus/client_golangv1.19.1
github.com/prometheus/client_modelv0.6.1
github.com/prometheus/commonv0.55.0
github.com/prometheus/procfsv0.15.1
github.com/robfig/cron/v3v3.0.1
github.com/spf13/cobrav1.8.1
github.com/spf13/pflagv1.0.5
github.com/stoewer/go-strcasev1.2.0
github.com/x448/float16v0.8.4
go.etcd.io/etcd/api/v3v3.5.14
go.etcd.io/etcd/client/pkg/v3v3.5.14
go.etcd.io/etcd/client/v3v3.5.14
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.53.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttpv0.53.0
go.opentelemetry.io/otelv1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptracev1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpcv1.27.0
go.opentelemetry.io/otel/metricv1.28.0
go.opentelemetry.io/otel/sdkv1.28.0
go.opentelemetry.io/otel/tracev1.28.0
go.opentelemetry.io/proto/otlpv1.3.1
go.uber.org/multierrv1.11.0
go.uber.org/zapv1.26.0
golang.org/x/cryptov0.24.0
golang.org/x/expv0.0.0-20230515195305-f3d0a9c9a5cc
golang.org/x/netv0.26.0
golang.org/x/oauth2v0.21.0
golang.org/x/syncv0.7.0
golang.org/x/sysv0.21.0
golang.org/x/termv0.21.0
golang.org/x/textv0.16.0
golang.org/x/timev0.3.0
golang.org/x/toolsv0.21.1-0.20240508182429-e35e4ccd0d2d
google.golang.org/genproto/googleapis/apiv0.0.0-20240528184218-531527333157
google.golang.org/genproto/googleapis/rpcv0.0.0-20240701130421-f6361c86f094
google.golang.org/grpcv1.65.0
google.golang.org/protobufv1.34.2
gopkg.in/evanphx/json-patch.v4v4.12.0
gopkg.in/inf.v0v0.9.1
gopkg.in/natefinch/lumberjack.v2v2.2.1
gopkg.in/square/go-jose.v2v2.6.0
gopkg.in/yaml.v2v2.4.0
gopkg.in/yaml.v3v3.0.1
k8s.io/api
k8s.io/apiextensions-apiserver
k8s.io/apimachinery
k8s.io/apiserver
k8s.io/client-go
k8s.io/cloud-provider
k8s.io/cluster-bootstrap
k8s.io/component-base
k8s.io/component-helpers
k8s.io/controller-manager
k8s.io/dynamic-resource-allocation
k8s.io/klog/v2v2.130.1
k8s.io/kms
k8s.io/kube-aggregator
k8s.io/kube-openapiv0.0.0-20240228011516-70dd3763d340
k8s.io/kubelet
k8s.io/mount-utils
k8s.io/pod-security-admission
k8s.io/utilsv0.0.0-20240711033017-18e509b52bc8
sigs.k8s.io/apiserver-network-proxy/konnectivity-clientv0.30.3
sigs.k8s.io/jsonv0.0.0-20221116044647-bc3834ca7abd
sigs.k8s.io/structured-merge-diff/v4v4.4.1
sigs.k8s.io/yamlv1.4.0
+ +
+

usr/local/bin/kube-controller-manager

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
github.com/opencontainers/runcCVE-2024-45310MEDIUMv1.1.131.1.14, 1.2.0-rc.3
gopkg.in/square/go-jose.v2CVE-2024-28180MEDIUMv2.6.0
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
k8s.io/kubernetes
stdlibv1.22.8
github.com/NYTimes/gziphandlerv1.1.1
github.com/antlr4-go/antlr/v4v4.13.0
github.com/asaskevich/govalidatorv0.0.0-20190424111038-f61b66f89f4a
github.com/beorn7/perksv1.0.1
github.com/blang/semver/v4v4.0.0
github.com/cenkalti/backoff/v4v4.3.0
github.com/cespare/xxhash/v2v2.3.0
github.com/checkpoint-restore/go-criu/v5v5.3.0
github.com/cilium/ebpfv0.9.1
github.com/container-storage-interface/specv1.9.0
github.com/containerd/consolev1.0.3
github.com/containerd/ttrpcv1.2.2
github.com/coreos/go-oidcv2.2.1+incompatible
github.com/coreos/go-semverv0.3.1
github.com/coreos/go-systemd/v22v22.5.0
github.com/cyphar/filepath-securejoinv0.2.4
github.com/davecgh/go-spewv1.1.2-0.20180830191138-d8f796af33cc
github.com/distribution/referencev0.5.0
github.com/docker/go-unitsv0.5.0
github.com/emicklei/go-restful/v3v3.11.0
github.com/euank/go-kmsg-parserv2.0.0+incompatible
github.com/felixge/httpsnoopv1.0.4
github.com/fsnotify/fsnotifyv1.7.0
github.com/fxamacker/cbor/v2v2.7.0
github.com/go-logr/logrv1.4.2
github.com/go-logr/stdrv1.2.2
github.com/go-logr/zaprv1.3.0
github.com/go-openapi/jsonpointerv0.19.6
github.com/go-openapi/jsonreferencev0.20.2
github.com/go-openapi/swagv0.22.4
github.com/godbus/dbus/v5v5.1.0
github.com/gogo/protobufv1.3.2
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/cadvisorv0.49.0
github.com/google/cel-gov0.20.1
github.com/google/gnostic-modelsv0.6.8
github.com/google/go-cmpv0.6.0
github.com/google/gofuzzv1.2.0
github.com/google/uuidv1.6.0
github.com/gorilla/websocketv1.5.0
github.com/grpc-ecosystem/go-grpc-prometheusv1.2.0
github.com/grpc-ecosystem/grpc-gateway/v2v2.20.0
github.com/imdario/mergov0.3.6
github.com/josharian/internv1.0.0
github.com/json-iterator/gov1.1.12
github.com/karrick/godirwalkv1.17.0
github.com/libopenstorage/openstoragev1.0.0
github.com/mailru/easyjsonv0.7.7
github.com/mistifyio/go-zfsv2.1.2-0.20190413222219-f784269be439+incompatible
github.com/moby/spdystreamv0.4.0
github.com/moby/sys/mountinfov0.7.1
github.com/moby/termv0.5.0
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.2
github.com/mohae/deepcopyv0.0.0-20170603005431-491d3605edfb
github.com/mrunalp/fileutilsv0.5.1
github.com/munnerz/goautonegv0.0.0-20191010083416-a7dc8b61c822
github.com/mxk/go-flowratev0.0.0-20140419014527-cca7078d478f
github.com/opencontainers/go-digestv1.0.0
github.com/opencontainers/runcv1.1.13
github.com/opencontainers/runtime-specv1.0.3-0.20220909204839-494a5a6aca78
github.com/opencontainers/selinuxv1.11.0
github.com/pkg/errorsv0.9.1
github.com/pquerna/cachecontrolv0.1.0
github.com/prometheus/client_golangv1.19.1
github.com/prometheus/client_modelv0.6.1
github.com/prometheus/commonv0.55.0
github.com/prometheus/procfsv0.15.1
github.com/robfig/cron/v3v3.0.1
github.com/sirupsen/logrusv1.9.3
github.com/spf13/cobrav1.8.1
github.com/spf13/pflagv1.0.5
github.com/stoewer/go-strcasev1.2.0
github.com/syndtr/gocapabilityv0.0.0-20200815063812-42c35b437635
github.com/vishvananda/netlinkv1.1.0
github.com/vishvananda/netnsv0.0.4
github.com/x448/float16v0.8.4
go.etcd.io/etcd/api/v3v3.5.14
go.etcd.io/etcd/client/pkg/v3v3.5.14
go.etcd.io/etcd/client/v3v3.5.14
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.53.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttpv0.53.0
go.opentelemetry.io/otelv1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptracev1.28.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpcv1.27.0
go.opentelemetry.io/otel/metricv1.28.0
go.opentelemetry.io/otel/sdkv1.28.0
go.opentelemetry.io/otel/tracev1.28.0
go.opentelemetry.io/proto/otlpv1.3.1
go.uber.org/multierrv1.11.0
go.uber.org/zapv1.26.0
golang.org/x/cryptov0.24.0
golang.org/x/expv0.0.0-20230515195305-f3d0a9c9a5cc
golang.org/x/netv0.26.0
golang.org/x/oauth2v0.21.0
golang.org/x/syncv0.7.0
golang.org/x/sysv0.21.0
golang.org/x/termv0.21.0
golang.org/x/textv0.16.0
golang.org/x/timev0.3.0
golang.org/x/toolsv0.21.1-0.20240508182429-e35e4ccd0d2d
google.golang.org/genproto/googleapis/apiv0.0.0-20240528184218-531527333157
google.golang.org/genproto/googleapis/rpcv0.0.0-20240701130421-f6361c86f094
google.golang.org/grpcv1.65.0
google.golang.org/protobufv1.34.2
gopkg.in/evanphx/json-patch.v4v4.12.0
gopkg.in/inf.v0v0.9.1
gopkg.in/natefinch/lumberjack.v2v2.2.1
gopkg.in/square/go-jose.v2v2.6.0
gopkg.in/yaml.v2v2.4.0
gopkg.in/yaml.v3v3.0.1
k8s.io/api
k8s.io/apiextensions-apiserver
k8s.io/apimachinery
k8s.io/apiserver
k8s.io/client-go
k8s.io/cloud-provider
k8s.io/cluster-bootstrap
k8s.io/component-base
k8s.io/component-helpers
k8s.io/controller-manager
k8s.io/cri-api
k8s.io/cri-client
k8s.io/csi-translation-lib
k8s.io/dynamic-resource-allocation
k8s.io/endpointslice
k8s.io/klog/v2v2.130.1
k8s.io/kms
k8s.io/kube-aggregator
k8s.io/kube-controller-manager
k8s.io/kube-openapiv0.0.0-20240228011516-70dd3763d340
k8s.io/kube-scheduler
k8s.io/kubectl
k8s.io/kubelet
k8s.io/metrics
k8s.io/mount-utils
k8s.io/pod-security-admission
k8s.io/utilsv0.0.0-20240711033017-18e509b52bc8
sigs.k8s.io/apiserver-network-proxy/konnectivity-clientv0.30.3
sigs.k8s.io/jsonv0.0.0-20221116044647-bc3834ca7abd
sigs.k8s.io/structured-merge-diff/v4v4.4.1
sigs.k8s.io/yamlv1.4.0
+ +
+

usr/local/bin/etcd

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
github.com/golang-jwt/jwt/v4CVE-2024-51744LOWv4.4.24.5.1
stdlibCVE-2024-34156HIGHv1.21.121.22.7, 1.23.1
stdlibCVE-2024-34155MEDIUMv1.21.121.22.7, 1.23.1
stdlibCVE-2024-34158MEDIUMv1.21.121.22.7, 1.23.1
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
go.etcd.io/etcd/server/v3
stdlibv1.21.12
../api
../client/pkg
../client/v2
../client/v3
../pkg
../raft
github.com/beorn7/perksv1.0.1
github.com/cenkalti/backoff/v4v4.2.1
github.com/cespare/xxhash/v2v2.2.0
github.com/coreos/go-semverv0.3.0
github.com/coreos/go-systemd/v22v22.3.2
github.com/dustin/go-humanizev1.0.0
github.com/go-logr/logrv1.3.0
github.com/go-logr/stdrv1.2.2
github.com/gogo/protobufv1.3.2
github.com/golang-jwt/jwt/v4v4.4.2
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/btreev1.0.1
github.com/gorilla/websocketv1.4.2
github.com/grpc-ecosystem/go-grpc-middlewarev1.3.0
github.com/grpc-ecosystem/go-grpc-prometheusv1.2.0
github.com/grpc-ecosystem/grpc-gatewayv1.16.0
github.com/grpc-ecosystem/grpc-gateway/v2v2.16.0
github.com/jonboulle/clockworkv0.2.2
github.com/json-iterator/gov1.1.11
github.com/matttproud/golang_protobuf_extensionsv1.0.1
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.1
github.com/prometheus/client_golangv1.11.1
github.com/prometheus/client_modelv0.2.0
github.com/prometheus/commonv0.26.0
github.com/prometheus/procfsv0.6.0
github.com/sirupsen/logrusv1.9.3
github.com/soheilhy/cmuxv0.1.5
github.com/spf13/cobrav1.1.3
github.com/spf13/pflagv1.0.5
github.com/tmc/grpc-websocket-proxyv0.0.0-20201229170055-e5319fda7802
github.com/xiang90/probingv0.0.0-20190116061207-43a291ad63a2
go.etcd.io/bboltv1.3.10
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.46.0
go.opentelemetry.io/otelv1.20.0
go.opentelemetry.io/otel/exporters/otlp/otlptracev1.20.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpcv1.20.0
go.opentelemetry.io/otel/metricv1.20.0
go.opentelemetry.io/otel/sdkv1.20.0
go.opentelemetry.io/otel/tracev1.20.0
go.opentelemetry.io/proto/otlpv1.0.0
go.uber.org/atomicv1.7.0
go.uber.org/multierrv1.6.0
go.uber.org/zapv1.17.0
golang.org/x/cryptov0.21.0
golang.org/x/netv0.23.0
golang.org/x/sysv0.18.0
golang.org/x/textv0.14.0
golang.org/x/timev0.0.0-20210220033141-f8bda1e9f3ba
google.golang.org/genprotov0.0.0-20230822172742-b8732ec3820d
google.golang.org/genproto/googleapis/apiv0.0.0-20230822172742-b8732ec3820d
google.golang.org/genproto/googleapis/rpcv0.0.0-20230822172742-b8732ec3820d
google.golang.org/grpcv1.59.0
google.golang.org/protobufv1.33.0
gopkg.in/natefinch/lumberjack.v2v2.0.0
gopkg.in/yaml.v2v2.4.0
sigs.k8s.io/yamlv1.2.0
+ +
+

usr/local/bin/etcd-3.5.15

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
github.com/golang-jwt/jwt/v4CVE-2024-51744LOWv4.4.24.5.1
stdlibCVE-2024-34156HIGHv1.21.121.22.7, 1.23.1
stdlibCVE-2024-34155MEDIUMv1.21.121.22.7, 1.23.1
stdlibCVE-2024-34158MEDIUMv1.21.121.22.7, 1.23.1
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
go.etcd.io/etcd/server/v3
stdlibv1.21.12
../api
../client/pkg
../client/v2
../client/v3
../pkg
../raft
github.com/beorn7/perksv1.0.1
github.com/cenkalti/backoff/v4v4.2.1
github.com/cespare/xxhash/v2v2.2.0
github.com/coreos/go-semverv0.3.0
github.com/coreos/go-systemd/v22v22.3.2
github.com/dustin/go-humanizev1.0.0
github.com/go-logr/logrv1.3.0
github.com/go-logr/stdrv1.2.2
github.com/gogo/protobufv1.3.2
github.com/golang-jwt/jwt/v4v4.4.2
github.com/golang/groupcachev0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobufv1.5.4
github.com/google/btreev1.0.1
github.com/gorilla/websocketv1.4.2
github.com/grpc-ecosystem/go-grpc-middlewarev1.3.0
github.com/grpc-ecosystem/go-grpc-prometheusv1.2.0
github.com/grpc-ecosystem/grpc-gatewayv1.16.0
github.com/grpc-ecosystem/grpc-gateway/v2v2.16.0
github.com/jonboulle/clockworkv0.2.2
github.com/json-iterator/gov1.1.11
github.com/matttproud/golang_protobuf_extensionsv1.0.1
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.1
github.com/prometheus/client_golangv1.11.1
github.com/prometheus/client_modelv0.2.0
github.com/prometheus/commonv0.26.0
github.com/prometheus/procfsv0.6.0
github.com/sirupsen/logrusv1.9.3
github.com/soheilhy/cmuxv0.1.5
github.com/spf13/cobrav1.1.3
github.com/spf13/pflagv1.0.5
github.com/tmc/grpc-websocket-proxyv0.0.0-20201229170055-e5319fda7802
github.com/xiang90/probingv0.0.0-20190116061207-43a291ad63a2
go.etcd.io/bboltv1.3.10
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.46.0
go.opentelemetry.io/otelv1.20.0
go.opentelemetry.io/otel/exporters/otlp/otlptracev1.20.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpcv1.20.0
go.opentelemetry.io/otel/metricv1.20.0
go.opentelemetry.io/otel/sdkv1.20.0
go.opentelemetry.io/otel/tracev1.20.0
go.opentelemetry.io/proto/otlpv1.0.0
go.uber.org/atomicv1.7.0
go.uber.org/multierrv1.6.0
go.uber.org/zapv1.17.0
golang.org/x/cryptov0.21.0
golang.org/x/netv0.23.0
golang.org/x/sysv0.18.0
golang.org/x/textv0.14.0
golang.org/x/timev0.0.0-20210220033141-f8bda1e9f3ba
google.golang.org/genprotov0.0.0-20230822172742-b8732ec3820d
google.golang.org/genproto/googleapis/apiv0.0.0-20230822172742-b8732ec3820d
google.golang.org/genproto/googleapis/rpcv0.0.0-20230822172742-b8732ec3820d
google.golang.org/grpcv1.59.0
google.golang.org/protobufv1.33.0
gopkg.in/natefinch/lumberjack.v2v2.0.0
gopkg.in/yaml.v2v2.4.0
sigs.k8s.io/yamlv1.2.0
+ +
+

usr/local/bin/etcdctl

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
github.com/golang-jwt/jwt/v4CVE-2024-51744LOWv4.4.24.5.1
stdlibCVE-2024-34156HIGHv1.21.121.22.7, 1.23.1
stdlibCVE-2024-34155MEDIUMv1.21.121.22.7, 1.23.1
stdlibCVE-2024-34158MEDIUMv1.21.121.22.7, 1.23.1
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
go.etcd.io/etcd/etcdctl/v3
stdlibv1.21.12
../api
../client/pkg
../client/v2
../client/v3
../etcdutl
../pkg
../raft
../server
github.com/beorn7/perksv1.0.1
github.com/bgentry/speakeasyv0.1.0
github.com/cespare/xxhash/v2v2.2.0
github.com/coreos/go-semverv0.3.0
github.com/coreos/go-systemd/v22v22.3.2
github.com/cpuguy83/go-md2man/v2v2.0.0
github.com/dustin/go-humanizev1.0.0
github.com/go-logr/logrv1.3.0
github.com/go-logr/stdrv1.2.2
github.com/gogo/protobufv1.3.2
github.com/golang-jwt/jwt/v4v4.4.2
github.com/golang/protobufv1.5.4
github.com/google/btreev1.0.1
github.com/jonboulle/clockworkv0.2.2
github.com/json-iterator/gov1.1.11
github.com/mattn/go-runewidthv0.0.9
github.com/matttproud/golang_protobuf_extensionsv1.0.1
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.1
github.com/olekukonko/tablewriterv0.0.5
github.com/prometheus/client_golangv1.11.1
github.com/prometheus/client_modelv0.2.0
github.com/prometheus/commonv0.26.0
github.com/prometheus/procfsv0.6.0
github.com/russross/blackfriday/v2v2.0.1
github.com/shurcooL/sanitized_anchor_namev1.0.0
github.com/spf13/cobrav1.1.3
github.com/spf13/pflagv1.0.5
github.com/urfave/cliv1.22.4
github.com/xiang90/probingv0.0.0-20190116061207-43a291ad63a2
go.etcd.io/bboltv1.3.10
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.46.0
go.opentelemetry.io/otelv1.20.0
go.opentelemetry.io/otel/metricv1.20.0
go.opentelemetry.io/otel/tracev1.20.0
go.uber.org/atomicv1.7.0
go.uber.org/multierrv1.6.0
go.uber.org/zapv1.17.0
golang.org/x/cryptov0.21.0
golang.org/x/netv0.23.0
golang.org/x/sysv0.18.0
golang.org/x/textv0.14.0
golang.org/x/timev0.0.0-20210220033141-f8bda1e9f3ba
google.golang.org/genproto/googleapis/apiv0.0.0-20230822172742-b8732ec3820d
google.golang.org/genproto/googleapis/rpcv0.0.0-20230822172742-b8732ec3820d
google.golang.org/grpcv1.59.0
google.golang.org/protobufv1.33.0
gopkg.in/cheggaaa/pb.v1v1.0.28
+ +
+

usr/local/bin/etcdctl-3.5.15

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
github.com/golang-jwt/jwt/v4CVE-2024-51744LOWv4.4.24.5.1
stdlibCVE-2024-34156HIGHv1.21.121.22.7, 1.23.1
stdlibCVE-2024-34155MEDIUMv1.21.121.22.7, 1.23.1
stdlibCVE-2024-34158MEDIUMv1.21.121.22.7, 1.23.1
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
go.etcd.io/etcd/etcdctl/v3
stdlibv1.21.12
../api
../client/pkg
../client/v2
../client/v3
../etcdutl
../pkg
../raft
../server
github.com/beorn7/perksv1.0.1
github.com/bgentry/speakeasyv0.1.0
github.com/cespare/xxhash/v2v2.2.0
github.com/coreos/go-semverv0.3.0
github.com/coreos/go-systemd/v22v22.3.2
github.com/cpuguy83/go-md2man/v2v2.0.0
github.com/dustin/go-humanizev1.0.0
github.com/go-logr/logrv1.3.0
github.com/go-logr/stdrv1.2.2
github.com/gogo/protobufv1.3.2
github.com/golang-jwt/jwt/v4v4.4.2
github.com/golang/protobufv1.5.4
github.com/google/btreev1.0.1
github.com/jonboulle/clockworkv0.2.2
github.com/json-iterator/gov1.1.11
github.com/mattn/go-runewidthv0.0.9
github.com/matttproud/golang_protobuf_extensionsv1.0.1
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.1
github.com/olekukonko/tablewriterv0.0.5
github.com/prometheus/client_golangv1.11.1
github.com/prometheus/client_modelv0.2.0
github.com/prometheus/commonv0.26.0
github.com/prometheus/procfsv0.6.0
github.com/russross/blackfriday/v2v2.0.1
github.com/shurcooL/sanitized_anchor_namev1.0.0
github.com/spf13/cobrav1.1.3
github.com/spf13/pflagv1.0.5
github.com/urfave/cliv1.22.4
github.com/xiang90/probingv0.0.0-20190116061207-43a291ad63a2
go.etcd.io/bboltv1.3.10
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcv0.46.0
go.opentelemetry.io/otelv1.20.0
go.opentelemetry.io/otel/metricv1.20.0
go.opentelemetry.io/otel/tracev1.20.0
go.uber.org/atomicv1.7.0
go.uber.org/multierrv1.6.0
go.uber.org/zapv1.17.0
golang.org/x/cryptov0.21.0
golang.org/x/netv0.23.0
golang.org/x/sysv0.18.0
golang.org/x/textv0.14.0
golang.org/x/timev0.0.0-20210220033141-f8bda1e9f3ba
google.golang.org/genproto/googleapis/apiv0.0.0-20230822172742-b8732ec3820d
google.golang.org/genproto/googleapis/rpcv0.0.0-20230822172742-b8732ec3820d
google.golang.org/grpcv1.59.0
google.golang.org/protobufv1.33.0
gopkg.in/cheggaaa/pb.v1v1.0.28
+ +
+

usr/local/bin/migrate

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
stdlibCVE-2024-34156HIGHv1.21.121.22.7, 1.23.1
stdlibCVE-2024-34155MEDIUMv1.21.121.22.7, 1.23.1
stdlibCVE-2024-34158MEDIUMv1.21.121.22.7, 1.23.1
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
stdlibv1.21.12
+ +
+

docker.io/kindest/local-path-provisioner:v20240813-c6f155d6 (debian 11.10)

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
libc6CVE-2023-4806MEDIUM2.31-13+deb11u10
libc6CVE-2023-4813MEDIUM2.31-13+deb11u10
libc6CVE-2010-4756LOW2.31-13+deb11u10
libc6CVE-2018-20796LOW2.31-13+deb11u10
libc6CVE-2019-1010022LOW2.31-13+deb11u10
libc6CVE-2019-1010023LOW2.31-13+deb11u10
libc6CVE-2019-1010024LOW2.31-13+deb11u10
libc6CVE-2019-1010025LOW2.31-13+deb11u10
libc6CVE-2019-9192LOW2.31-13+deb11u10
libssl1.1CVE-2023-5678MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
libssl1.1CVE-2024-0727MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
libssl1.1CVE-2024-4741MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
libssl1.1CVE-2024-5535MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
libssl1.1CVE-2024-2511LOW1.1.1w-0+deb11u11.1.1w-0+deb11u2
libssl1.1CVE-2024-9143LOW1.1.1w-0+deb11u11.1.1w-0+deb11u2
opensslCVE-2023-5678MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
opensslCVE-2024-0727MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
opensslCVE-2024-4741MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
opensslCVE-2024-5535MEDIUM1.1.1w-0+deb11u11.1.1w-0+deb11u2
opensslCVE-2024-2511LOW1.1.1w-0+deb11u11.1.1w-0+deb11u2
opensslCVE-2024-9143LOW1.1.1w-0+deb11u11.1.1w-0+deb11u2
tzdataDLA-3972-1UNKNOWN2024a-0+deb11u12024b-0+deb11u1
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
base-files@11.1+deb11u10base-files11.1+deb11u10base-files11.1+deb11u10
libc6@2.31-13+deb11u10libc62.31glibc2.31
libssl1.1@1.1.1w-0+deb11u1libssl1.11.1.1wopenssl1.1.1w
netbase@6.3netbase6.3netbase6.3
openssl@1.1.1w-0+deb11u1openssl1.1.1wopenssl1.1.1w
tzdata@2024a-0+deb11u1tzdata2024atzdata2024a
+ +
+

usr/local/bin/local-path-provisioner

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
github.com/gogo/protobufCVE-2021-3121HIGHv1.3.11.3.2
golang.org/x/cryptoCVE-2023-48795MEDIUMv0.7.00.17.0
golang.org/x/netCVE-2023-39325HIGHv0.8.00.17.0
golang.org/x/netCVE-2023-3978MEDIUMv0.8.00.13.0
golang.org/x/netCVE-2023-44487MEDIUMv0.8.00.17.0
golang.org/x/netCVE-2023-45288MEDIUMv0.8.00.23.0
google.golang.org/protobufCVE-2024-24786MEDIUMv1.30.01.33.0
k8s.io/client-goCVE-2020-8565MEDIUMv0.19.10.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16
stdlibCVE-2024-34156HIGHv1.22.61.22.7, 1.23.1
stdlibCVE-2024-34155MEDIUMv1.22.61.22.7, 1.23.1
stdlibCVE-2024-34158MEDIUMv1.22.61.22.7, 1.23.1
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
github.com/rancher/local-path-provisionerv0.0.24
stdlibv1.22.6
github.com/Sirupsen/logrusv0.11.0
github.com/beorn7/perksv1.0.1
github.com/cespare/xxhash/v2v2.1.2
github.com/davecgh/go-spewv1.1.1
github.com/go-logr/logrv0.2.0
github.com/gogo/protobufv1.3.1
github.com/golang/groupcachev0.0.0-20200121045136-8c9f03a8e57e
github.com/golang/protobufv1.5.3
github.com/google/go-cmpv0.5.8
github.com/google/gofuzzv1.1.0
github.com/google/uuidv1.1.1
github.com/googleapis/gnosticv0.4.1
github.com/hashicorp/golang-lruv0.5.1
github.com/imdario/mergov0.3.5
github.com/json-iterator/gov1.1.12
github.com/matttproud/golang_protobuf_extensionsv1.0.1
github.com/miekg/dnsv1.1.29
github.com/modern-go/concurrentv0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2v1.0.2
github.com/pkg/errorsv0.9.1
github.com/prometheus/client_golangv1.11.1
github.com/prometheus/client_modelv0.3.0
github.com/prometheus/commonv0.32.1
github.com/prometheus/procfsv0.8.0
github.com/spf13/pflagv1.0.5
github.com/urfave/cliv1.19.1
golang.org/x/cryptov0.7.0
golang.org/x/netv0.8.0
golang.org/x/oauth2v0.6.0
golang.org/x/sysv0.6.0
golang.org/x/termv0.6.0
golang.org/x/textv0.8.0
golang.org/x/timev0.3.0
google.golang.org/protobufv1.30.0
gopkg.in/inf.v0v0.9.1
gopkg.in/yaml.v2v2.4.0
k8s.io/apiv0.19.1
k8s.io/apimachineryv0.19.1
k8s.io/client-gov0.19.1
k8s.io/klog/v2v2.3.0
k8s.io/kube-openapiv0.0.0-20200805222855-6aeccd4b50c6
k8s.io/utilsv0.0.0-20200729134348-d5654de09c73
sigs.k8s.io/sig-storage-lib-external-provisioner/v8v8.0.0
sigs.k8s.io/structured-merge-diff/v4v4.0.1
sigs.k8s.io/yamlv1.2.0
+ + + + + +
\ No newline at end of file
diff --git a/render/testdata/golden/happy.html b/render/testdata/golden/happy.html
index 25e2657..3b5bd9d 100644
--- a/render/testdata/golden/happy.html
+++ b/render/testdata/golden/happy.html
@@ -4,757 +4,1663 @@ Trivy Report - + + +

Trivy Report - alpine:latest +

+
+ +
+ +
+
+ + +
+ - .vuln { - word-wrap: anywhere; - } + +
+
+
+
+
+
+ +
+ +
+

alpine:latest

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Package + + + + Vulnerability ID + + + + Severity + + + + Installed Version + + + + Fixed Version + + + + Links + + + +
libcrypto3CVE-2024-9143LOW3.3.2-r03.3.2-r1
libssl3CVE-2024-9143LOW3.3.2-r03.3.2-r1
+
+

Packages

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID + + + + Name + + + + Version + + + + SrcName + + + + SrcVersion + + + +
libfreetype6@2.13.2+dfsg-1build3libfreetype62.13.2+dfsgfreetype2.13.2+dfsg
libgcc-s1@14-20240412-0ubuntu1libgcc-s114-20240412gcc-1414-20240412
- .group-header th { - font-size: 200%; - } +
+

alpine:latest

+
+
+ + + + + + + - table, - th, - td { - border-bottom: 1px solid #0000001f; - border-collapse: collapse; - padding: .3em; - white-space: normal; - } + - table { - margin: 0 auto; - table-layout: fixed; - width: 100%; - border: 1px solid #ddd; - } + + + + + + + + + + + + + + + + + + + + + + + + + +
Type + + + + Misconf ID + + + + Check + + + + Severity + + + + Message + + + +
Dockerfile Security Check DS001':latest' tag usedMEDIUMSpecify a tag in the 'FROM' statement for image 'ansibleplaybookbundle/apb-base' +
+ https://avd.aquasec.com/misconfig/ds001 +
+
Dockerfile Security Check DS011COPY with more than two arguments not ending with slashCRITICALSlash is expected at the end of COPY command argument '}}' +
+ https://avd.aquasec.com/misconfig/ds011 +
+
Dockerfile Security Check DS026No HEALTHCHECK definedLOWAdd HEALTHCHECK instruction in your Dockerfile +
+ https://avd.aquasec.com/misconfig/ds026 +
+
- .severity { - font-weight: bold; - } +
+
+ +
+ + +
+
+
+
+
- table tr td:first-of-type { - font-weight: bold; - } +
+

/etc/ssl/private/ssl-cert-snakeoil.key

+
+
+

+ /etc/ssl/private/ssl-cert-snakeoil.key + (secret) +

- .links a, - .links[data-more-links=on] a { - display: block; - } +
+
+
+ HIGH + AsymmetricPrivateKey (private-key) +
+
Asymmetric Private Key
+
+ /etc/ssl/private/ssl-cert-snakeoil.key + : + + + 1 + +
+
+
+
1
+
+
 -----BEGIN PRIVATE KEY-----*******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY
+
+
+
+
2
+
+
  
+
+
+
+
+
+
+ + + + + + - - - - -
-

Trivy Report - alpine:latest -

-
- -
-
-

alpine:latest

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Package - - - - Vulnerability ID - - - - Severity - - - - Installed Version - - - - Fixed Version - - - - Links - - - -
libcrypto3CVE-2024-9143LOW3.3.2-r03.3.2-r1
libssl3CVE-2024-9143LOW3.3.2-r03.3.2-r1
-
-

Packages

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ID - - - - Name - - - - Version - - - - SrcName - - - - SrcVersion - - - -
libfreetype6@2.13.2+dfsg-1build3libfreetype62.13.2+dfsgfreetype2.13.2+dfsg
libgcc-s1@14-20240412-0ubuntu1libgcc-s114-20240412gcc-1414-20240412
-
-

alpine:latest

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Type - - - - Misconf ID - - - - Check - - - - Severity - - - - Message - - - -
Dockerfile Security CheckDS001':latest' tag usedMEDIUMSpecify a tag in the 'FROM' statement for image 'ansibleplaybookbundle/apb-base' -
- https://avd.aquasec.com/misconfig/ds001 -
-
Dockerfile Security CheckDS011COPY with more than two arguments not ending with slashCRITICALSlash is expected at the end of COPY command argument '}}' -
- https://avd.aquasec.com/misconfig/ds011 -
-
Dockerfile Security CheckDS026No HEALTHCHECK definedLOWAdd HEALTHCHECK instruction in your Dockerfile -
- https://avd.aquasec.com/misconfig/ds026 -
-
-
-

/etc/ssl/private/ssl-cert-snakeoil.key

-
-
-

- /etc/ssl/private/ssl-cert-snakeoil.key - (secret) -

- -
-
-
- HIGH - AsymmetricPrivateKey (private-key) -
-
Asymmetric Private Key
-
- /etc/ssl/private/ssl-cert-snakeoil.key - : - - - 1 - -
-
-
-
1
-
-
 -----BEGIN PRIVATE KEY-----*******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY
-
-
-
-
2
-
-
  
-
-
-
-
-
-
-
+ insertAfter(thead, tbody); + }; + tables.forEach((table, tableIx) => { + table.addEventListener("click", (e) => { + e.stopPropagation(); + const el = e.target; + const type = el.getAttribute("data-type"); + const sortable = el.getAttribute("data-sortable") === "true"; + if (el.nodeName !== "TH" || !sortable) return; + const cellIndex = el.cellIndex; + sortTable(tableIx, cellIndex, type, colIx === cellIndex); + colIx = colIx === cellIndex ? -1 : cellIndex; + }); + }); +} + +document.addEventListener("DOMContentLoaded", () => { + attachLinksInteractivity(); + attachSortInteractivity(); + attachFilterInteractivity(); +}); +
\ No newline at end of file
diff --git a/render/testdata/input/graph.json b/render/testdata/input/graph.json
new file mode 100644
index 0000000..9aa1819
--- /dev/null
+++ b/render/testdata/input/graph.json
@@ -0,0 +1,999 @@ +{ + "SchemaVersion": 2, + "CreatedAt": "2024-12-09T11:32:53.658007878+06:00", + "ArtifactName": "examples", + "ArtifactType": "filesystem", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "log-storage", + "Class": "config", + "Type": "terraform", + "MisconfSummary": { + "Successes": 38, + "Failures": 0 + } + }, + { + "Target": "log-storage/modules/foo/modules/bar/modules/baz/main.tf", + "Class": "config", + "Type": "terraform", + "MisconfSummary": { + "Successes": 0, + "Failures": 9 + }, + "Misconfigurations": [ + { + "Type": "Terraform Security Check", + "ID": "AVD-AWS-0086", + "AVDID": "AVD-AWS-0086", + "Title": "S3 Access block should block public ACL", + "Description": "S3 buckets should block public ACLs on buckets and any objects they contain. By blocking, PUTs with fail if the object has any public ACL a.\n", + "Message": "No public access block so not blocking public acls", + "Namespace": "builtin.aws.s3.aws0086", + "Query": "data.builtin.aws.s3.aws0086.deny", + "Resolution": "Enable blocking any PUT calls with a public ACL specified", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0086", + "References": [ + "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", + "https://avd.aquasec.com/misconfig/avd-aws-0086" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Resource": "module.foo", + "Provider": "AWS", + "Service": "s3", + "StartLine": 1, + "EndLine": 3, + "Code": { + "Lines": [ + { + "Number": 1, + "Content": "resource \"aws_s3_bucket\" \"test\" {", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"test\"\u001b[0m {", + "FirstCause": true, + "LastCause": false + }, 
+ { + "Number": 2, + "Content": " bucket = \"test\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"test\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 3, + "Content": "}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m}", + "FirstCause": false, + "LastCause": true + } + ] + }, + "Occurrences": [ + { + "Resource": "module.baz", + "Filename": "log-storage/modules/foo/modules/bar/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.bar", + "Filename": "log-storage/modules/foo/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.foo", + "Filename": "log-storage/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + } + ] + } + }, + { + "Type": "Terraform Security Check", + "ID": "AVD-AWS-0087", + "AVDID": "AVD-AWS-0087", + "Title": "S3 Access block should block public policy", + "Description": "S3 bucket policy should have block public policy to prevent users from putting a policy that enable public access.\n", + "Message": "No public access block so not blocking public policies", + "Namespace": "builtin.aws.s3.aws0087", + "Query": "data.builtin.aws.s3.aws0087.deny", + "Resolution": "Prevent policies that allow public access being PUT", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0087", + "References": [ + "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/access-control-block-public-access.html", + "https://avd.aquasec.com/misconfig/avd-aws-0087" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Resource": "module.foo", + "Provider": "AWS", + "Service": "s3", + "StartLine": 1, + "EndLine": 3, + "Code": { + "Lines": [ + { + "Number": 1, + "Content": "resource \"aws_s3_bucket\" \"test\" {", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": 
"\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"test\"\u001b[0m {", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 2, + "Content": " bucket = \"test\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"test\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 3, + "Content": "}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m}", + "FirstCause": false, + "LastCause": true + } + ] + }, + "Occurrences": [ + { + "Resource": "module.baz", + "Filename": "log-storage/modules/foo/modules/bar/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.bar", + "Filename": "log-storage/modules/foo/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.foo", + "Filename": "log-storage/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + } + ] + } + }, + { + "Type": "Terraform Security Check", + "ID": "AVD-AWS-0088", + "AVDID": "AVD-AWS-0088", + "Title": "Unencrypted S3 bucket.", + "Description": "S3 Buckets should be encrypted to protect the data that is stored within them if access is compromised.\n", + "Message": "Bucket does not have encryption enabled", + "Namespace": "builtin.aws.s3.aws0088", + "Query": "data.builtin.aws.s3.aws0088.deny", + "Resolution": "Configure bucket encryption", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0088", + "References": [ + "https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html", + "https://avd.aquasec.com/misconfig/avd-aws-0088" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Resource": "module.foo", + "Provider": "AWS", + "Service": "s3", + "StartLine": 1, + "EndLine": 3, + "Code": { + "Lines": [ + { + "Number": 1, + "Content": "resource \"aws_s3_bucket\" \"test\" {", + "IsCause": 
true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"test\"\u001b[0m {", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 2, + "Content": " bucket = \"test\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"test\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 3, + "Content": "}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m}", + "FirstCause": false, + "LastCause": true + } + ] + }, + "Occurrences": [ + { + "Resource": "module.baz", + "Filename": "log-storage/modules/foo/modules/bar/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.bar", + "Filename": "log-storage/modules/foo/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.foo", + "Filename": "log-storage/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + } + ] + } + }, + { + "Type": "Terraform Security Check", + "ID": "s3-bucket-logging", + "AVDID": "AVD-AWS-0089", + "Title": "S3 Bucket Logging", + "Description": "Ensures S3 bucket logging is enabled for S3 buckets", + "Message": "Bucket has logging disabled", + "Namespace": "builtin.aws.s3.aws0089", + "Query": "data.builtin.aws.s3.aws0089.deny", + "Resolution": "Add a logging block to the resource to enable access logging", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/s3-bucket-logging", + "References": [ + "https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html", + "https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html", + "https://avd.aquasec.com/misconfig/s3-bucket-logging" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Resource": "module.foo", + "Provider": "AWS", + "Service": "s3", + "StartLine": 1, + 
"EndLine": 3, + "Code": { + "Lines": [ + { + "Number": 1, + "Content": "resource \"aws_s3_bucket\" \"test\" {", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"test\"\u001b[0m {", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 2, + "Content": " bucket = \"test\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"test\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 3, + "Content": "}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m}", + "FirstCause": false, + "LastCause": true + } + ] + }, + "Occurrences": [ + { + "Resource": "module.baz", + "Filename": "log-storage/modules/foo/modules/bar/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.bar", + "Filename": "log-storage/modules/foo/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.foo", + "Filename": "log-storage/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + } + ] + } + }, + { + "Type": "Terraform Security Check", + "ID": "AVD-AWS-0090", + "AVDID": "AVD-AWS-0090", + "Title": "S3 Data should be versioned", + "Description": "Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket.\n\nYou can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets.\n\nWith versioning you can recover more easily from both unintended user actions and application failures.\n", + "Message": "Bucket does not have versioning enabled", + "Namespace": "builtin.aws.s3.aws0090", + "Query": "data.builtin.aws.s3.aws0090.deny", + "Resolution": "Enable versioning to protect against accidental/malicious removal or modification", + "Severity": "MEDIUM", + 
"PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0090", + "References": [ + "https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html", + "https://avd.aquasec.com/misconfig/avd-aws-0090" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Resource": "module.foo", + "Provider": "AWS", + "Service": "s3", + "StartLine": 1, + "EndLine": 3, + "Code": { + "Lines": [ + { + "Number": 1, + "Content": "resource \"aws_s3_bucket\" \"test\" {", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"test\"\u001b[0m {", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 2, + "Content": " bucket = \"test\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"test\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 3, + "Content": "}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m}", + "FirstCause": false, + "LastCause": true + } + ] + }, + "Occurrences": [ + { + "Resource": "module.baz", + "Filename": "log-storage/modules/foo/modules/bar/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.bar", + "Filename": "log-storage/modules/foo/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.foo", + "Filename": "log-storage/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + } + ] + } + }, + { + "Type": "Terraform Security Check", + "ID": "AVD-AWS-0091", + "AVDID": "AVD-AWS-0091", + "Title": "S3 Access Block should Ignore Public Acl", + "Description": "S3 buckets should ignore public ACLs on buckets and any objects they contain. 
By ignoring rather than blocking, PUT calls with public ACLs will still be applied but the ACL will be ignored.\n", + "Message": "No public access block so not blocking public acls", + "Namespace": "builtin.aws.s3.aws0091", + "Query": "data.builtin.aws.s3.aws0091.deny", + "Resolution": "Enable ignoring the application of public ACLs in PUT calls", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0091", + "References": [ + "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", + "https://avd.aquasec.com/misconfig/avd-aws-0091" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Resource": "module.foo", + "Provider": "AWS", + "Service": "s3", + "StartLine": 1, + "EndLine": 3, + "Code": { + "Lines": [ + { + "Number": 1, + "Content": "resource \"aws_s3_bucket\" \"test\" {", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"test\"\u001b[0m {", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 2, + "Content": " bucket = \"test\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"test\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 3, + "Content": "}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m}", + "FirstCause": false, + "LastCause": true + } + ] + }, + "Occurrences": [ + { + "Resource": "module.baz", + "Filename": "log-storage/modules/foo/modules/bar/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.bar", + "Filename": "log-storage/modules/foo/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.foo", + "Filename": "log-storage/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + } + ] + } + }, + { + "Type": 
"Terraform Security Check", + "ID": "AVD-AWS-0093", + "AVDID": "AVD-AWS-0093", + "Title": "S3 Access block should restrict public bucket to limit access", + "Description": "S3 buckets should restrict public policies for the bucket. By enabling, the restrict_public_buckets, only the bucket owner and AWS Services can access if it has a public policy.\n", + "Message": "No public access block so not restricting public buckets", + "Namespace": "builtin.aws.s3.aws0093", + "Query": "data.builtin.aws.s3.aws0093.deny", + "Resolution": "Limit the access to public buckets to only the owner or AWS Services (eg; CloudFront)", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0093", + "References": [ + "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/access-control-block-public-access.html", + "https://avd.aquasec.com/misconfig/avd-aws-0093" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Resource": "module.foo", + "Provider": "AWS", + "Service": "s3", + "StartLine": 1, + "EndLine": 3, + "Code": { + "Lines": [ + { + "Number": 1, + "Content": "resource \"aws_s3_bucket\" \"test\" {", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"test\"\u001b[0m {", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 2, + "Content": " bucket = \"test\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"test\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 3, + "Content": "}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m}", + "FirstCause": false, + "LastCause": true + } + ] + }, + "Occurrences": [ + { + "Resource": "module.baz", + "Filename": "log-storage/modules/foo/modules/bar/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": 
"module.bar", + "Filename": "log-storage/modules/foo/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.foo", + "Filename": "log-storage/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + } + ] + } + }, + { + "Type": "Terraform Security Check", + "ID": "AVD-AWS-0094", + "AVDID": "AVD-AWS-0094", + "Title": "S3 buckets should each define an aws_s3_bucket_public_access_block", + "Description": "The \"block public access\" settings in S3 override individual policies that apply to a given bucket, meaning that all public access can be controlled in one central types for that bucket. It is therefore good practice to define these settings for each bucket in order to clearly define the public access that can be allowed for it.\n", + "Message": "Bucket does not have a corresponding public access block.", + "Namespace": "builtin.aws.s3.aws0094", + "Query": "data.builtin.aws.s3.aws0094.deny", + "Resolution": "Define a aws_s3_bucket_public_access_block for the given bucket to control public access policies", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0094", + "References": [ + "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", + "https://avd.aquasec.com/misconfig/avd-aws-0094" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Resource": "module.foo", + "Provider": "AWS", + "Service": "s3", + "StartLine": 1, + "EndLine": 3, + "Code": { + "Lines": [ + { + "Number": 1, + "Content": "resource \"aws_s3_bucket\" \"test\" {", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"test\"\u001b[0m {", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 2, + "Content": " bucket = \"test\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = 
\u001b[38;5;37m\"test\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 3, + "Content": "}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m}", + "FirstCause": false, + "LastCause": true + } + ] + }, + "Occurrences": [ + { + "Resource": "module.baz", + "Filename": "log-storage/modules/foo/modules/bar/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.bar", + "Filename": "log-storage/modules/foo/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.foo", + "Filename": "log-storage/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + } + ] + } + }, + { + "Type": "Terraform Security Check", + "ID": "AVD-AWS-0132", + "AVDID": "AVD-AWS-0132", + "Title": "S3 encryption should use Customer Managed Keys", + "Description": "Encryption using AWS keys provides protection for your S3 buckets. To increase control of the encryption and manage factors like rotation use customer managed keys.\n", + "Message": "Bucket does not encrypt data with a customer managed key.", + "Namespace": "builtin.aws.s3.aws0132", + "Query": "data.builtin.aws.s3.aws0132.deny", + "Resolution": "Enable encryption using customer managed keys", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0132", + "References": [ + "https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html", + "https://avd.aquasec.com/misconfig/avd-aws-0132" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Resource": "module.foo", + "Provider": "AWS", + "Service": "s3", + "StartLine": 1, + "EndLine": 3, + "Code": { + "Lines": [ + { + "Number": 1, + "Content": "resource \"aws_s3_bucket\" \"test\" {", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"test\"\u001b[0m {", + "FirstCause": true, + 
"LastCause": false + }, + { + "Number": 2, + "Content": " bucket = \"test\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"test\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 3, + "Content": "}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m}", + "FirstCause": false, + "LastCause": true + } + ] + }, + "Occurrences": [ + { + "Resource": "module.baz", + "Filename": "log-storage/modules/foo/modules/bar/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.bar", + "Filename": "log-storage/modules/foo/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.foo", + "Filename": "log-storage/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + } + ] + } + } + + ] + }, + { + "Target": "log-storage/modules/foo/modules/bar/modules/baz/main.tf", + "Class": "config", + "Type": "terraform", + "MisconfSummary": { + "Successes": 0, + "Failures": 9 + }, + "Misconfigurations": [ + { + "Type": "Terraform Security Check", + "ID": "AVD-AWS-0086", + "AVDID": "AVD-AWS-0086", + "Title": "S3 Access block should block public ACL", + "Description": "S3 buckets should block public ACLs on buckets and any objects they contain. 
By blocking, PUTs with fail if the object has any public ACL a.\n", + "Message": "No public access block so not blocking public acls", + "Namespace": "builtin.aws.s3.aws0086", + "Query": "data.builtin.aws.s3.aws0086.deny", + "Resolution": "Enable blocking any PUT calls with a public ACL specified", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0086", + "References": [ + "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", + "https://avd.aquasec.com/misconfig/avd-aws-0086" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Resource": "module.foo", + "Provider": "AWS", + "Service": "s3", + "StartLine": 1, + "EndLine": 3, + "Code": { + "Lines": [ + { + "Number": 1, + "Content": "resource \"aws_s3_bucket\" \"test\" {", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"test\"\u001b[0m {", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 2, + "Content": " bucket = \"test\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"test\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 3, + "Content": "}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m}", + "FirstCause": false, + "LastCause": true + } + ] + }, + "Occurrences": [ + { + "Resource": "module.baz", + "Filename": "log-storage/modules/foo/modules/bar/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.bar", + "Filename": "log-storage/modules/foo/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.foo", + "Filename": "log-storage/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + } + ] + } + }, + { + "Type": "Terraform Security Check", + "ID": "AVD-AWS-0086", + 
"AVDID": "AVD-AWS-0086", + "Title": "S3 Access block should block public ACL", + "Description": "S3 buckets should block public ACLs on buckets and any objects they contain. By blocking, PUTs with fail if the object has any public ACL a.\n", + "Message": "No public access block so not blocking public acls", + "Namespace": "builtin.aws.s3.aws0086", + "Query": "data.builtin.aws.s3.aws0086.deny", + "Resolution": "Enable blocking any PUT calls with a public ACL specified", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0086", + "References": [ + "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", + "https://avd.aquasec.com/misconfig/avd-aws-0086" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Resource": "module.foo", + "Provider": "AWS", + "Service": "s3", + "StartLine": 1, + "EndLine": 3, + "Code": { + "Lines": [ + { + "Number": 1, + "Content": "resource \"aws_s3_bucket\" \"test\" {", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"test\"\u001b[0m {", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 2, + "Content": " bucket = \"test\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"test\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 3, + "Content": "}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m}", + "FirstCause": false, + "LastCause": true + } + ] + }, + "Occurrences": [ + { + "Resource": "module.baz", + "Filename": "log-storage/modules/foo/modules/bar/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.bar", + "Filename": "log-storage/modules/foo/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + }, + { + "Resource": "module.foo", 
+ "Filename": "log-storage/main.tf", + "Location": { + "StartLine": 1, + "EndLine": 3 + } + } + ] + } + } + ] + } + ] +}
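Review bot: None of the `Content`, `Message`, `Title` or `Description` strings in this fixture appears to contain an angle bracket or ampersand, so the new "graph" golden test does not pin how scanned file content is escaped in the report; render.go in this commit parses the templates with `text/template`, which applies no contextual escaping on its own. Adding one code line with a constructed value such as `"Content": "  bucket = \"<b>test</b>\""` would make graph.html record the escaped form and catch a regression. Separately, the second `Results` entry repeats the first entry's `Target` and declares `"Failures": 9` while listing only two misconfigurations, both `AVD-AWS-0086`. If the duplication is deliberate for the graph view, a distinct `Target` would make that intent readable; otherwise `"Failures": 2` matches the data.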