F5Networks / f5-ipam-controller

The F5 IPAM Controller runs in an orchestration environment like Kubernetes to allocate IP addresses from an IPAM system to BIG-IP Virtual Servers. The purpose is to abstract complexity related to setting up BIG-IP from a networking perspective.
Apache License 2.0

f5-ipam-controller update. The current release has multiple high vulnerabilities. #153

Open bfields1 opened 7 months ago

bfields1 commented 7 months ago

Requesting F5-ipam-controller update due to the current release having multiple high vulnerabilities.

The current release of the F5 ipam controller has multiple high vulnerabilities detected when scanned with a vulnerability scanner like trivy.

Our most recent scan of the F5 ipam controller through harbor using trivy shows the following high vulnerabilities: CVE-2023-38545, CVE-2023-2491, CVE-2023-28617, CVE-2023-4911, CVE-2023-4911, CVE-2023-4911, CVE-2023-38545, CVE-2023-30079, CVE-2023-44487, CVE-2023-24329, CVE-2023-40217, CVE-2023-24329, CVE-2023-40217, CVE-2023-24329, CVE-2023-40217, CVE-2022-41723, CVE-2023-39325

trinaths commented 7 months ago

@bfields1 Please share the vulnerability scan report to automation_toolchain_pm@f5.com for further review.

trinaths commented 7 months ago

Created [CONTCNTR-4673] for internal tracking.

bfields1 commented 7 months ago

@trinaths The report has been emailed to the address provided. Thank you.

trinaths commented 7 months ago

@bfields1 Please rescan the build quay.io/f5networks/f5-ipam-controller-devel:d8915edf3ed15cdd2cbbb0bb4a013ab94dd4dcac

New release IPAM with CVE fixes in progress

shkarface commented 6 months ago

@trinaths any progress on this?