kubernetes-sigs / aws-efs-csi-driver

CSI Driver for Amazon EFS https://aws.amazon.com/efs/
Apache License 2.0

Fix Medium severity CVEs #1452

Closed ramandeepsharma closed 4 weeks ago

ramandeepsharma commented 2 months ago

/kind bug

What happened? A scan detected the following CVE:

What you expected to happen? Please address the identified CVE.

| Vulnerability_id | Package Name | Vulnerable Version | Fixed Version | Type | Severity |
|---|---|---|---|---|---|
| CVE-2024-5535 | openssl | 1:1.0.2k-24.amzn2.0.12 | 1:1.0.2k-24.amzn2.0.13 | amazon | MEDIUM |
| CVE-2024-5535 | openssl-libs | 1:1.0.2k-24.amzn2.0.12 | 1:1.0.2k-24.amzn2.0.13 | amazon | MEDIUM |

A CVE was found related to the k8s.io/kubernetes version as well:

| Vulnerability_id | Package Name | Vulnerable Version | Fixed Version | Type | Severity |
|---|---|---|---|---|---|
| CVE-2024-5321 | k8s.io/kubernetes | v1.26.11 | 1.27.16, 1.28.12, 1.29.7, 1.30.3 | gobinary | MEDIUM |

Environment

mskanth972 commented 2 months ago

We mitigated this in the latest version, v2.0.8. Can you pull the latest image?

public.ecr.aws/efs-csi-driver/amazon/aws-efs-csi-driver:v2.0.8 (amazon 2 (Karoo))

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

mskanth972 commented 4 weeks ago

CVEs are mitigated. Closing this issue; feel free to reopen if you are still seeing the CVEs.