Critical CVEs in at least 2.11.0 and 2.12.0 #1011

Open
WoodyWoodsta opened this issue Nov 14, 2023 · 0 comments

docker scout cves cockroachdb/cockroach-operator:v2.12.0
    ✓ Pulled
    ✓ Image stored for indexing
    ✓ Indexed 344 packages
    ✗ Detected 23 vulnerable packages with a total of 88 vulnerabilities


## Overview

                    │              Analyzed Image
────────────────────┼───────────────────────────────────────────
  Target            │  cockroachdb/cockroach-operator:v2.12.0
    digest          │  7cacb9821e89
    platform        │ linux/amd64
    vulnerabilities │    3C    49H    24M    13L     3?
    size            │ 190 MB
    packages        │ 344


## Packages and Vulnerabilities

   3C    36H    12M     1L     2?  stdlib 1.16.6
pkg:golang/stdlib@1.16.6

    ✗ CRITICAL CVE-2023-24540
      https://scout.docker.com/v/CVE-2023-24540
      Affected range : <1.19.9
      Fixed version  : 1.19.9

    ✗ CRITICAL CVE-2023-24538
      https://scout.docker.com/v/CVE-2023-24538
      Affected range : <1.19.8
      Fixed version  : 1.19.8

    ✗ CRITICAL CVE-2022-23806
      https://scout.docker.com/v/CVE-2022-23806
      Affected range : <1.16.14
      Fixed version  : 1.16.14

    ✗ HIGH CVE-2023-29403
      https://scout.docker.com/v/CVE-2023-29403
      Affected range : <1.19.10
      Fixed version  : 1.19.10

    ✗ HIGH CVE-2022-30580
      https://scout.docker.com/v/CVE-2022-30580
      Affected range : <1.17.11
      Fixed version  : 1.17.11

    ✗ HIGH CVE-2023-44487
      https://scout.docker.com/v/CVE-2023-44487
      Affected range : <1.20.10
      Fixed version  : 1.20.10

    ✗ HIGH CVE-2023-39325
      https://scout.docker.com/v/CVE-2023-39325
      Affected range : <1.20.10
      Fixed version  : 1.20.10

    ✗ HIGH CVE-2023-24537
      https://scout.docker.com/v/CVE-2023-24537
      Affected range : <1.19.8
      Fixed version  : 1.19.8

    ✗ HIGH CVE-2023-24536
      https://scout.docker.com/v/CVE-2023-24536
      Affected range : <1.19.8
      Fixed version  : 1.19.8

    ✗ HIGH CVE-2023-24534
      https://scout.docker.com/v/CVE-2023-24534
      Affected range : <1.19.8
      Fixed version  : 1.19.8

    ✗ HIGH CVE-2022-41725
      https://scout.docker.com/v/CVE-2022-41725
      Affected range : <1.19.6
      Fixed version  : 1.19.6

    ✗ HIGH CVE-2022-41724
      https://scout.docker.com/v/CVE-2022-41724
      Affected range : <1.19.6
      Fixed version  : 1.19.6

    ✗ HIGH CVE-2022-41723
      https://scout.docker.com/v/CVE-2022-41723
      Affected range : <1.19.6
      Fixed version  : 1.19.6

    ✗ HIGH CVE-2022-41722
      https://scout.docker.com/v/CVE-2022-41722
      Affected range : <1.19.6
      Fixed version  : 1.19.6

    ✗ HIGH CVE-2022-41720
      https://scout.docker.com/v/CVE-2022-41720
      Affected range : <1.18.9
      Fixed version  : 1.18.9

    ✗ HIGH CVE-2022-41716
      https://scout.docker.com/v/CVE-2022-41716
      Affected range : <1.18.8
      Fixed version  : 1.18.8

    ✗ HIGH CVE-2022-41715
      https://scout.docker.com/v/CVE-2022-41715
      Affected range : <1.18.7
      Fixed version  : 1.18.7

    ✗ HIGH CVE-2022-32189
      https://scout.docker.com/v/CVE-2022-32189
      Affected range : <1.17.13
      Fixed version  : 1.17.13

    ✗ HIGH CVE-2022-30635
      https://scout.docker.com/v/CVE-2022-30635
      Affected range : <1.17.12
      Fixed version  : 1.17.12

    ✗ HIGH CVE-2022-30634
      https://scout.docker.com/v/CVE-2022-30634
      Affected range : <1.17.11
      Fixed version  : 1.17.11

    ✗ HIGH CVE-2022-30633
      https://scout.docker.com/v/CVE-2022-30633
      Affected range : <1.17.12
      Fixed version  : 1.17.12

    ✗ HIGH CVE-2022-30632
      https://scout.docker.com/v/CVE-2022-30632
      Affected range : <1.17.12
      Fixed version  : 1.17.12

    ✗ HIGH CVE-2022-30631
      https://scout.docker.com/v/CVE-2022-30631
      Affected range : <1.17.12
      Fixed version  : 1.17.12

    ✗ HIGH CVE-2022-30630
      https://scout.docker.com/v/CVE-2022-30630
      Affected range : <1.17.12
      Fixed version  : 1.17.12

    ✗ HIGH CVE-2022-29804
      https://scout.docker.com/v/CVE-2022-29804
      Affected range : <1.17.11
      Fixed version  : 1.17.11

    ✗ HIGH CVE-2022-2880
      https://scout.docker.com/v/CVE-2022-2880
      Affected range : <1.18.7
      Fixed version  : 1.18.7

    ✗ HIGH CVE-2022-2879
      https://scout.docker.com/v/CVE-2022-2879
      Affected range : <1.18.7
      Fixed version  : 1.18.7

    ✗ HIGH CVE-2022-28327
      https://scout.docker.com/v/CVE-2022-28327
      Affected range : <1.17.9
      Fixed version  : 1.17.9

    ✗ HIGH CVE-2022-28131
      https://scout.docker.com/v/CVE-2022-28131
      Affected range : <1.17.12
      Fixed version  : 1.17.12

    ✗ HIGH CVE-2022-27664
      https://scout.docker.com/v/CVE-2022-27664
      Affected range : <1.18.6
      Fixed version  : 1.18.6

    ✗ HIGH CVE-2022-24921
      https://scout.docker.com/v/CVE-2022-24921
      Affected range : <1.16.15
      Fixed version  : 1.16.15

    ✗ HIGH CVE-2022-24675
      https://scout.docker.com/v/CVE-2022-24675
      Affected range : <1.17.9
      Fixed version  : 1.17.9

    ✗ HIGH CVE-2022-23772
      https://scout.docker.com/v/CVE-2022-23772
      Affected range : <1.16.14
      Fixed version  : 1.16.14

    ✗ HIGH CVE-2021-44716
      https://scout.docker.com/v/CVE-2021-44716
      Affected range : <1.16.12
      Fixed version  : 1.16.12

    ✗ HIGH CVE-2021-41772
      https://scout.docker.com/v/CVE-2021-41772
      Affected range : <1.16.10
      Fixed version  : 1.16.10

    ✗ HIGH CVE-2021-41771
      https://scout.docker.com/v/CVE-2021-41771
      Affected range : <1.16.10
      Fixed version  : 1.16.10

    ✗ HIGH CVE-2021-39293
      https://scout.docker.com/v/CVE-2021-39293
      Affected range : <1.16.8
      Fixed version  : 1.16.8

    ✗ HIGH CVE-2023-29400
      https://scout.docker.com/v/CVE-2023-29400
      Affected range : <1.19.9
      Fixed version  : 1.19.9

    ✗ HIGH CVE-2023-24539
      https://scout.docker.com/v/CVE-2023-24539
      Affected range : <1.19.9
      Fixed version  : 1.19.9

    ✗ MEDIUM CVE-2023-29406
      https://scout.docker.com/v/CVE-2023-29406
      Affected range : <1.19.11
      Fixed version  : 1.19.11

    ✗ MEDIUM CVE-2022-32148
      https://scout.docker.com/v/CVE-2022-32148
      Affected range : <1.17.12
      Fixed version  : 1.17.12

    ✗ MEDIUM CVE-2022-1705
      https://scout.docker.com/v/CVE-2022-1705
      Affected range : <1.17.12
      Fixed version  : 1.17.12

    ✗ MEDIUM CVE-2023-39319
      https://scout.docker.com/v/CVE-2023-39319
      Affected range : <1.20.8
      Fixed version  : 1.20.8

    ✗ MEDIUM CVE-2023-39318
      https://scout.docker.com/v/CVE-2023-39318
      Affected range : <1.20.8
      Fixed version  : 1.20.8

    ✗ MEDIUM CVE-2021-36221
      https://scout.docker.com/v/CVE-2021-36221
      Affected range : >=1.16.0-0
                     : <1.16.7
      Fixed version  : 1.16.7

    ✗ MEDIUM CVE-2022-1962
      https://scout.docker.com/v/CVE-2022-1962
      Affected range : <1.17.12
      Fixed version  : 1.17.12

    ✗ MEDIUM CVE-2023-29409
      https://scout.docker.com/v/CVE-2023-29409
      Affected range : <1.19.12
      Fixed version  : 1.19.12

    ✗ MEDIUM CVE-2023-24532
      https://scout.docker.com/v/CVE-2023-24532
      Affected range : <1.19.7
      Fixed version  : 1.19.7

    ✗ MEDIUM CVE-2022-41717
      https://scout.docker.com/v/CVE-2022-41717
      Affected range : <1.18.9
      Fixed version  : 1.18.9

    ✗ MEDIUM CVE-2022-29526
      https://scout.docker.com/v/CVE-2022-29526
      Affected range : <1.17.10
      Fixed version  : 1.17.10

    ✗ MEDIUM CVE-2021-44717
      https://scout.docker.com/v/CVE-2021-44717
      Affected range : <1.16.12
      Fixed version  : 1.16.12

    ✗ LOW CVE-2022-30629
      https://scout.docker.com/v/CVE-2022-30629
      Affected range : <1.17.11
      Fixed version  : 1.17.11

    ✗ UNSPECIFIED CVE-2023-45284
      https://scout.docker.com/v/CVE-2023-45284
      Affected range : <1.20.11
      Fixed version  : 1.20.11

    ✗ UNSPECIFIED CVE-2023-45283
      https://scout.docker.com/v/CVE-2023-45283
      Affected range : <1.20.11
      Fixed version  : 1.20.11


   0C     2H     0M     0L  golang.org/x/net 0.0.0-20210805182204-aaa1db679c0d
pkg:golang/golang.org/x/net@0.0.0-20210805182204-aaa1db679c0d

    ✗ HIGH CVE-2022-27664
      https://scout.docker.com/v/CVE-2022-27664
      Affected range : <0.0.0-20220906165146-f3363e06e74c
      Fixed version  : 0.0.0-20220906165146-f3363e06e74c
      CVSS Score     : 7.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    ✗ HIGH CVE-2021-44716
      https://scout.docker.com/v/CVE-2021-44716
      Affected range : <0.0.0-20211209124913-491a49abca63
      Fixed version  : 0.0.0-20211209124913-491a49abca63


   0C     2H     0M     0L  golang.org/x/crypto 0.0.0-20210711020723-a769d52b0f97
pkg:golang/golang.org/x/crypto@0.0.0-20210711020723-a769d52b0f97

    ✗ HIGH CVE-2022-27191 [Use of a Broken or Risky Cryptographic Algorithm]
      https://scout.docker.com/v/CVE-2022-27191
      Affected range : <0.0.0-20220314234659-1baeb1ce4c0b
      Fixed version  : 0.0.0-20220314234659-1baeb1ce4c0b
      CVSS Score     : 7.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    ✗ HIGH CVE-2021-43565
      https://scout.docker.com/v/CVE-2021-43565
      Affected range : <0.0.0-20211202192323-5770296d904e
      Fixed version  : 0.0.0-20211202192323-5770296d904e
      CVSS Score     : 7.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


   0C     2H     0M     0L  github.com/apache/thrift 0.0.0-20181211084444-2b7365c54f82
pkg:golang/github.com/apache/thrift@0.0.0-20181211084444-2b7365c54f82

    ✗ HIGH CVE-2019-0210
      https://scout.docker.com/v/CVE-2019-0210
      Affected range : >=0.0.0-20151001171628-53dd39833a08
                     : <0.13.0
      Fixed version  : 0.13.0

    ✗ HIGH CVE-2019-0205 [OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities]
      https://scout.docker.com/v/CVE-2019-0205
      Affected range : <0.0.0-20191011170555-cecee50308fc
      Fixed version  : 0.0.0-20191011170555-cecee50308fc
      CVSS Score     : 7.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


   0C     1H     2M     0L  python3 3.6.8-51.el8_8.1
pkg:rpm/redhatlinux/python3@3.6.8-51.el8_8.1?os_name=redhatlinux&os_version=8

    ✗ HIGH CVE-2023-40217 [Authentication Bypass by Primary Weakness]
      https://scout.docker.com/v/CVE-2023-40217
      Affected range : <3.6.8-51.el8_8.2
      Fixed version  : 3.6.8-51.el8_8.2
      CVSS Score     : 8.6
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

    ✗ MEDIUM CVE-2007-4559 [Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')]
      https://scout.docker.com/v/CVE-2007-4559
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 5.5
      CVSS Vector    : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

    ✗ MEDIUM CVE-2023-27043 [Improper Input Validation]
      https://scout.docker.com/v/CVE-2023-27043
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 5.3
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N


   0C     1H     2M     0L  pip 9.0.3
pkg:pypi/pip@9.0.3

    ✗ HIGH CVE-2019-20916 [Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')]
      https://scout.docker.com/v/CVE-2019-20916
      Affected range : <19.2
      Fixed version  : 19.2
      CVSS Score     : 7.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

    ✗ MEDIUM CVE-2021-3572 [Improper Input Validation]
      https://scout.docker.com/v/CVE-2021-3572
      Affected range : <21.1
      Fixed version  : 21.1
      CVSS Score     : 5.7
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

    ✗ MEDIUM CVE-2023-5752 [Improper Neutralization of Special Elements used in a Command ('Command Injection')]
      https://scout.docker.com/v/CVE-2023-5752
      Affected range : <23.3
      Fixed version  : 23.3
      CVSS Score     : 5.5
      CVSS Vector    : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N


   0C     1H     1M     0L  google.golang.org/grpc 1.39.1
pkg:golang/google.golang.org/grpc@1.39.1

    ✗ HIGH GHSA-m425-mq94-257g
      https://scout.docker.com/v/GHSA-m425-mq94-257g
      Affected range : <1.56.3
      Fixed version  : 1.56.3
      CVSS Score     : 7.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    ✗ MEDIUM CVE-2023-44487 [Uncontrolled Resource Consumption]
      https://scout.docker.com/v/CVE-2023-44487
      Affected range : <1.56.3
      Fixed version  : 1.56.3
      CVSS Score     : 5.3
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L


   0C     1H     0M     0L  setuptools 39.2.0
pkg:pypi/setuptools@39.2.0

    ✗ HIGH CVE-2022-40897 [Inefficient Regular Expression Complexity]
      https://scout.docker.com/v/CVE-2022-40897
      Affected range : <65.5.1
      Fixed version  : 65.5.1
      CVSS Score     : 7.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


   0C     1H     0M     0L  gopkg.in/yaml.v3 3.0.0-20210107192922-496545a6307b
pkg:golang/gopkg.in/yaml.v3@3.0.0-20210107192922-496545a6307b

    ✗ HIGH CVE-2022-28948 [Deserialization of Untrusted Data]
      https://scout.docker.com/v/CVE-2022-28948
      Affected range : <3.0.0-20220521103104-8f96da9f5d5e
      Fixed version  : 3.0.0-20220521103104-8f96da9f5d5e
      CVSS Score     : 7.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


   0C     1H     0M     0L  github.com/prometheus/client_golang 1.7.1
pkg:golang/github.com/prometheus/client_golang@1.7.1

    ✗ HIGH CVE-2022-21698 [Uncontrolled Resource Consumption]
      https://scout.docker.com/v/CVE-2022-21698
      Affected range : <1.11.1
      Fixed version  : 1.11.1
      CVSS Score     : 7.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


   0C     1H     0M     0L  golang.org/x/text 0.3.7
pkg:golang/golang.org/x/text@0.3.7

    ✗ HIGH CVE-2022-32149 [Missing Release of Resource after Effective Lifetime]
      https://scout.docker.com/v/CVE-2022-32149
      Affected range : <0.3.8
      Fixed version  : 0.3.8
      CVSS Score     : 7.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


   0C     0H     1M     1L  github.com/aws/aws-sdk-go 1.38.69
pkg:golang/github.com/aws/aws-sdk-go@1.38.69

    ✗ MEDIUM CVE-2020-8911
      https://scout.docker.com/v/CVE-2020-8911
      Affected range : >=0
      Fixed version  : not fixed

    ✗ LOW CVE-2020-8912
      https://scout.docker.com/v/CVE-2020-8912
      Affected range : >=0
      Fixed version  : not fixed


   0C     0H     1M     0L     1?  github.com/jaegertracing/jaeger 1.18.1
pkg:golang/github.com/jaegertracing/jaeger@1.18.1

    ✗ MEDIUM GHSA-2w8w-qhg4-f78j [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]
      https://scout.docker.com/v/GHSA-2w8w-qhg4-f78j
      Affected range : <1.47.0
      Fixed version  : 1.47.0
      CVSS Score     : 6.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

    ✗ UNSPECIFIED GMS-2023-1823 [OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities]
      https://scout.docker.com/v/GMS-2023-1823
      Affected range : <v1.47.0
      Fixed version  : v1.47.0


   0C     0H     1M     0L  libarchive 3.3.3-5.el8
pkg:rpm/redhatlinux/libarchive@3.3.3-5.el8?os_name=redhatlinux&os_version=8

    ✗ MEDIUM CVE-2023-30571 [Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')]
      https://scout.docker.com/v/CVE-2023-30571
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 5.3
      CVSS Vector    : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H


   0C     0H     1M     0L  gcc 8.5.0-18.el8
pkg:rpm/redhatlinux/gcc@8.5.0-18.el8?os_name=redhatlinux&os_version=8

    ✗ MEDIUM CVE-2023-4039 []
      https://scout.docker.com/v/CVE-2023-4039
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 4.8
      CVSS Vector    : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N


   0C     0H     1M     0L  golang.org/x/sys 0.0.0-20210809222454-d867a43fc93e
pkg:golang/golang.org/x/sys@0.0.0-20210809222454-d867a43fc93e

    ✗ MEDIUM CVE-2022-29526 [Improper Privilege Management]
      https://scout.docker.com/v/CVE-2022-29526
      Affected range : <0.0.0-20220412211240-33da011f77ad
      Fixed version  : 0.0.0-20220412211240-33da011f77ad
      CVSS Score     : 5.3
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N


   0C     0H     1M     0L  zlib 1.2.11-21.el8_7
pkg:rpm/redhatlinux/zlib@1.2.11-21.el8_7?os_name=redhatlinux&os_version=8

    ✗ MEDIUM CVE-2023-45853 [Heap-based Buffer Overflow]
      https://scout.docker.com/v/CVE-2023-45853
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 5.3
      CVSS Vector    : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L


   0C     0H     1M     0L  python-pip 9.0.3-22.el8
pkg:rpm/redhatlinux/python-pip@9.0.3-22.el8?os_name=redhatlinux&os_version=8

    ✗ MEDIUM CVE-2018-25091 [Exposure of Sensitive Information to an Unauthorized Actor]
      https://scout.docker.com/v/CVE-2018-25091
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 6.1
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N


   0C     0H     0M     6L  ncurses 6.1-9.20180224.el8_8.1
pkg:rpm/redhatlinux/ncurses@6.1-9.20180224.el8_8.1?os_name=redhatlinux&os_version=8

    ✗ LOW CVE-2020-19190 [Heap-based Buffer Overflow]
      https://scout.docker.com/v/CVE-2020-19190
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 6.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

    ✗ LOW CVE-2020-19188 [Stack-based Buffer Overflow]
      https://scout.docker.com/v/CVE-2020-19188
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 6.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

    ✗ LOW CVE-2020-19187 [Heap-based Buffer Overflow]
      https://scout.docker.com/v/CVE-2020-19187
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 6.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

    ✗ LOW CVE-2020-19186 [Out-of-bounds Read]
      https://scout.docker.com/v/CVE-2020-19186
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 6.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

    ✗ LOW CVE-2020-19185 [Heap-based Buffer Overflow]
      https://scout.docker.com/v/CVE-2020-19185
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 6.5
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

    ✗ LOW CVE-2021-39537 [Improper Restriction of Operations within the Bounds of a Memory Buffer]
      https://scout.docker.com/v/CVE-2021-39537
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 5.5
      CVSS Vector    : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H


   0C     0H     0M     2L  curl 7.61.1-30.el8_8.3
pkg:rpm/redhatlinux/curl@7.61.1-30.el8_8.3?os_name=redhatlinux&os_version=8

    ✗ LOW CVE-2023-38546 [External Control of File Name or Path]
      https://scout.docker.com/v/CVE-2023-38546
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 5.0
      CVSS Vector    : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

    ✗ LOW CVE-2023-28322 [Expected Behavior Violation]
      https://scout.docker.com/v/CVE-2023-28322
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 3.7
      CVSS Vector    : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N


   0C     0H     0M     1L  shadow-utils 2:4.6-17.el8
pkg:rpm/redhatlinux/shadow-utils@2:4.6-17.el8?os_name=redhatlinux&os_version=8

    ✗ LOW CVE-2023-4641 [Incorrect Implementation of Authentication Algorithm]
      https://scout.docker.com/v/CVE-2023-4641
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 4.7
      CVSS Vector    : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N


   0C     0H     0M     1L  tpm2-tss 2.3.2-4.el8
pkg:rpm/redhatlinux/tpm2-tss@2.3.2-4.el8?os_name=redhatlinux&os_version=8

    ✗ LOW CVE-2023-22745 [Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')]
      https://scout.docker.com/v/CVE-2023-22745
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 6.4
      CVSS Vector    : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H


   0C     0H     0M     1L  openssl 1:1.1.1k-9.el8_7
pkg:rpm/redhatlinux/openssl@1:1.1.1k-9.el8_7?os_name=redhatlinux&os_version=8

    ✗ LOW CVE-2023-3446 [Uncontrolled Resource Consumption]
      https://scout.docker.com/v/CVE-2023-3446
      Affected range : >=0
      Fixed version  : not fixed
      CVSS Score     : 5.3
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L



92 vulnerabilities found in 23 packages
  UNSPECIFIED  3
  LOW          13
  MEDIUM       24
  HIGH         49
  CRITICAL     3


What's Next?
  View base image update recommendations → docker scout recommendations cockroachdb/cockroach-operator:v2.12.0
@WoodyWoodsta WoodyWoodsta changed the title Critical CVEs in at least 2.11.0 Critical CVEs in at least 2.11.0 and 2.12.0 Nov 14, 2023