fluent / fluentd-kubernetes-daemonset

Fluentd daemonset for Kubernetes and its Docker image
Apache License 2.0
1.26k stars 978 forks

Vulnerabilities in fluentd-kubernetes-daemonset:v1.15.2-debian-opensearch-1.0 #1391

Closed jefftyn closed 1 year ago

jefftyn commented 1 year ago

Describe the bug

Hi team,

In our trivy scan report there are several CRITICAL vulnerabilities in the latest image fluentd-kubernetes-daemonset:v1.15.2-debian-opensearch-1.0.


| Library | Vulnerability | Severity | Installed Version | Title |
| -- | -- | -- | -- | -- |
| e2fsprogs | CVE-2022-1304 | HIGH | 1.46.2-2 | e2fsprogs: out-of-bounds read/write via crafted filesystem https://avd.aquasec.com/nvd/cve-2022-130 |
| libc-bin | CVE-2021-3999 | HIGH | 2.31-13+deb11u3 | glibc: Off-by-one buffer overflow/underflow in getcwd() https://avd.aquasec.com/nvd/cve-2021-3999 |
| libc6 | CVE-2021-3999 | HIGH | 2.31-13+deb11u4 | glibc: Off-by-one buffer overflow/underflow in getcwd() https://avd.aquasec.com/nvd/cve-2021-3999 |
| libcom-err2 | CVE-2022-1304 | HIGH | 1.46.2-2 | e2fsprogs: out-of-bounds read/write via crafted filesystem https://avd.aquasec.com/nvd/cve-2022-1304 |
| libdb5.3 | CVE-2019-8457 | CRITICAL | 5.3.28+dfsg1-0.8 | sqlite: heap out-of-bound read in function rtreenode() https://avd.aquasec.com/nvd/cve-2019-8457 |
| libext2fs2 | CVE-2022-1304 | HIGH | 1.46.2-2 | e2fsprogs: out-of-bounds read/write via crafted filesystem https://avd.aquasec.com/nvd/cve-2022-1304 |
| libncurses6 | CVE-2022-29458 | HIGH | 6.2+20201114-2 | ncurses: segfaulting OOB read https://avd.aquasec.com/nvd/cve-2022-29458 |
| libpcre2-8-0 | CVE-2022-1586 | CRITICAL | 10.36-2 | pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c https://avd.aquasec.com/nvd/cve-2022-1586 |
| libtasn1-6 | CVE-2021-46848 | CRITICAL | 4.16.0-2 | GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check ... https://avd.aquasec.com/nvd/cve-2021-46848 |
| linux-libc-dev | CVE-2022-3649 | CRITICAL | 5.10.136-1 | A vulnerability was found in Linux Kernel. It has been classified as... https://avd.aquasec.com/nvd/cve-2022-3649 |
| zlib1g | CVE-2022-37434 | CRITICAL | 1:1.2.11.dfsg-2+deb11u1 | zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a... https://avd.aquasec.com/nvd/cve-2022-37434 |

Is there any plan for these vulnerabilities? Thanks.

To Reproduce

N/A

Expected behavior

N/A

Your Environment

- Fluentd version: fluentd-kubernetes-daemonset:v1.15.2-debian-opensearch-1.0

Your Configuration

N/A

Your Error Log

N/A

Additional context

No response

martinelli-francesco commented 1 year ago

The vulnerability scan on fluent/fluentd-kubernetes-daemonset:v1.15.3-debian-elasticsearch7-1.0 still has a lot of vulnerabilities (https://trivy.dev/results/?image=fluent/fluentd-kubernetes-daemonset:v1.15.3-debian-elasticsearch7-1.0).

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 90 days with no activity. Remove the stale label or comment, or this issue will be closed in 30 days.

github-actions[bot] commented 1 year ago

This issue was automatically closed because it has been stale for 30 days.