kubernetes-sigs / aws-efs-csi-driver

CSI Driver for Amazon EFS https://aws.amazon.com/efs/
Apache License 2.0

Patch CVE Vulnerabilities in AWS EFS CSI Driver #1352

Closed yash-acquia closed 1 month ago

yash-acquia commented 1 month ago

/kind bug

What happened? A scan detected the following CVEs:

What you expected to happen? Please address the identified CVEs.

| Vulnerability_id | Package Name | Vulnerable Version | Fixed Version | Type | Severity |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-2961 | glibc, glibc-common, glibc-minimal-langpack, libcrypt | 2.26-63.amzn2.0.1 | 2.26-64.amzn2.0.1 | amazon | HIGH |
| CVE-2023-5528 | k8s.io/kubernetes | v1.26.10 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | gobinary | HIGH |
| CVE-2023-45288 | golang.org/x/net | v0.17.0 | 0.23.0 | gobinary | MEDIUM |
| CVE-2024-3177 | k8s.io/kubernetes | v1.26.10 | 1.27.13, 1.29.4, 1.28.9 | gobinary | LOW |

Environment

mskanth972 commented 1 month ago

We have released version 2.0.3, which includes fixes for these CVEs. Please upgrade to this version. The Add-on will be available by 05/31.

mskanth972 commented 1 month ago

Closing the issue. Please feel free to open it if you are still facing the issue.