Skip to content

Commit 770c5a5

Browse files
pmotykapmotyka
committed
updated security findings
1 parent bf165b4 commit 770c5a5

File tree

1 file changed

+20
-0
lines changed

1 file changed

+20
-0
lines changed

releases/v0.4.0/security_findings.csv

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
Component,Vulnerability,AWS Assessment
2+
cloud.google.com/go/storage:1.10.0,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Astorage_project&cpe_product=cpe%3A%2F%3Astorage_project%3Astorage&cpe_version=cpe%3A%2F%3Astorage_project%3Astorage%3A1.10.0,No exploitable issue. This finding only affects applications unpacking container Image manifests.
3+
github.com/coreos/etcd:3.3.13+incompatible,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aetcd&cpe_product=cpe%3A%2F%3Aetcd%3Aetcd&cpe_version=cpe%3A%2F%3Aetcd%3Aetcd%3A3.3.13,"No exploitable issue. etcd is unused in Kubernetes CAPI controllers, only the Kubernetes API server interacts with an etcd database."
4+
github.com/docker/distribution:2.7.1+incompatible,cpe:2.3:a:docker:docker:2.7.1,No exploitable issue. The Docker API and client are unused in a Kubernetes CAPI controller.
5+
github.com/grpc-ecosystem/go-grpc-middleware:1.3.0,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Agrpc&cpe_product=cpe%3A%2F%3Agrpc%3Agrpc&cpe_version=cpe%3A%2F%3Agrpc%3Agrpc%3A1.3.0,No exploitable issue. Kubernetes controllers do not make or issue gRPC calls.
6+
github.com/grpc-ecosystem/go-grpc-prometheus:1.2.0,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Agrpc&cpe_product=cpe%3A%2F%3Agrpc%3Agrpc&cpe_version=cpe%3A%2F%3Agrpc%3Agrpc%3A1.2.0,No exploitable issue. Kubernetes controllers do not make or issue gRPC calls.
7+
github.com/grpc-ecosystem/grpc-gateway:1.16.0,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Agrpc&cpe_product=cpe%3A%2F%3Agrpc%3Agrpc&cpe_version=cpe%3A%2F%3Agrpc%3Agrpc%3A1.16.0,No exploitable issue. Kubernetes controllers do not make or issue gRPC calls.
8+
github.com/hashicorp/consul/api:1.1.0,cpe:2.3:a:hashicorp:consul:1.1.0,No exploitable issue. Consul is unused by a Kubernetes CAPI controller.
9+
github.com/hashicorp/consul/sdk:0.1.1,cpe:2.3:a:hashicorp:consul:0.1.1,No exploitable issue. Consul is unused by a Kubernetes CAPI controller.
10+
github.com/matttproud/golang_protobuf_extensions:1.0.2-0.20181231171920-c182affec369,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Agolang&cpe_product=cpe%3A%2F%3Agolang%3Aprotobuf&cpe_version=cpe%3A%2F%3Agolang%3Aprotobuf%3A1.0.2.0.20181231171920.c182.fec369,No exploitable issue. Kubernetes controllers do not make or issue gRPC calls.
11+
github.com/prometheus/client_golang:1.11.0,cpe:2.3:a:prometheus:prometheus:1.11.0,No exploitable issue. The mentioned vulnerability is related to the Prometheus UI.
12+
github.com/prometheus/client_model:0.2.0,cpe:2.3:a:prometheus:prometheus:0.2.0,No exploitable issue. The mentioned vulnerability is related to the Prometheus UI.
13+
github.com/prometheus/common:0.32.1,cpe:2.3:a:prometheus:prometheus:0.32.1,No exploitable issue. The mentioned vulnerability is related to the Prometheus UI.
14+
github.com/prometheus/procfs:0.7.3,cpe:2.3:a:prometheus:prometheus:0.7.3,No exploitable issue. The mentioned vulnerability is related to the Prometheus UI.
15+
github.com/prometheus/tsdb:0.7.1,cpe:2.3:a:prometheus:prometheus:0.7.1,No exploitable issue. The mentioned vulnerability is related to the Prometheus UI.
16+
github.com/tmc/grpc-websocket-proxy:0.0.0-20201229170055-e5319fda7802 ,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Agrpc&cpe_product=cpe%3A%2F%3Agrpc%3Agrpc&cpe_version=cpe%3A%2F%3Agrpc%3Agrpc%3A0.0.0.20201229170055.e5319.fda7802,No exploitable issue. Kubernetes controllers do not make or issue gRPC calls.
17+
go.etcd.io/etcd/client/v2:2.305.0,cpe:2.3:a:etcd:etcd:2.305.0,"No exploitable issue. etcd is unused in Kubernetes CAPI controllers, only the Kubernetes API server interacts with an etcd database."
18+
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc:0.20.0 ,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Agrpc&cpe_product=cpe%3A%2F%3Agrpc%3Agrpc&cpe_version=cpe%3A%2F%3Agrpc%3Agrpc%3A0.20.0,No exploitable issue. Kubernetes controllers do not make or issue gRPC calls.
19+
google.golang.org/grpc/cmd/protoc-gen-go-grpc:1.1.0,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Agrpc&cpe_product=cpe%3A%2F%3Agrpc%3Agrpc&cpe_version=cpe%3A%2F%3Agrpc%3Agrpc%3A1.1.0,No exploitable issue. Kubernetes controllers do not make or issue gRPC calls.
20+
github.com/docker/distribution,https://github.com/advisories/GHSA-qq97-vm5h-rrhg,No exploitable issue. Vulnerable code is not actually used.

0 commit comments

Comments
 (0)