Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Alert: 1.18.2 #10527

Closed
soloio-bot opened this issue Dec 23, 2024 · 1 comment
Closed

Security Alert: 1.18.2 #10527

soloio-bot opened this issue Dec 23, 2024 · 1 comment
Assignees
@sam-heilbron
Labels
Prioritized Indicating issue prioritized to be worked on in RFE stream trivy vulnerability

Comments

@soloio-bot
Copy link

quay.io/solo-io/access-logger:1.18.2

No Vulnerabilities Found for quay.io/solo-io/access-logger:1.18.2

quay.io/solo-io/certgen:1.18.2

No Vulnerabilities Found for quay.io/solo-io/certgen:1.18.2

quay.io/solo-io/discovery:1.18.2

No Vulnerabilities Found for quay.io/solo-io/discovery:1.18.2

quay.io/solo-io/gloo:1.18.2

No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.2

quay.io/solo-io/gloo-envoy-wrapper:1.18.2

No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.2

quay.io/solo-io/ingress:1.18.2

No Vulnerabilities Found for quay.io/solo-io/ingress:1.18.2

quay.io/solo-io/kubectl:1.18.2

No Vulnerabilities Found for quay.io/solo-io/kubectl:1.18.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/kubectl

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2024-45338 golang.org/x/net HIGH v0.26.0 0.33.0 https://avd.aquasec.com/nvd/cve-2024-45338

quay.io/solo-io/sds:1.18.2

No Vulnerabilities Found for quay.io/solo-io/sds:1.18.2
@solo-changelog-bot solo-changelog-bot bot mentioned this issue Dec 24, 2024
Merged
4 tasks
@sam-heilbron sam-heilbron self-assigned this Dec 24, 2024
@sam-heilbron sam-heilbron added the Prioritized Indicating issue prioritized to be worked on in RFE stream label Dec 24, 2024
@sam-heilbron
Copy link 

trivy image --severity HIGH,CRITICAL quay.io/solo-io/kubectl:1.18.2 --ignorefile ./.trivyignore

2024-12-26T09:58:07-05:00       INFO    [vuln] Vulnerability scanning is enabled
2024-12-26T09:58:07-05:00       INFO    [secret] Secret scanning is enabled
2024-12-26T09:58:07-05:00       INFO    [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-26T09:58:07-05:00       INFO    [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-26T09:58:15-05:00       INFO    Detected OS     family="alpine" version="3.17.6"
2024-12-26T09:58:15-05:00       INFO    [alpine] Detecting vulnerabilities...   os_version="3.17" repository="3.17" pkg_num=15
2024-12-26T09:58:15-05:00       INFO    Number of language-specific files       num=1
2024-12-26T09:58:15-05:00       INFO    [gobinary] Detecting vulnerabilities...
2024-12-26T09:58:15-05:00       WARN    This OS version is no longer supported by the distribution      family="alpine" version="3.17.6"
2024-12-26T09:58:15-05:00       WARN    The vulnerability detection may be insufficient because security updates are not provided

quay.io/solo-io/kubectl:1.18.2 (alpine 3.17.6)

Total: 0 (HIGH: 0, CRITICAL: 0)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sam-heilbron sam-heilbron

Labels
Prioritized Indicating issue prioritized to be worked on in RFE stream trivy vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sam-heilbron @soloio-bot