k8s-device-plugin

Vulnerabilities in image

Open robbo10 opened this issue 5 years ago • 2 comments

Scanning nvidia/k8s-device-plugin:latest with Twistlock reports the following vulnerabilities.

CRITICAL: 1

  • CVE-2019-12900

HIGH VULNERABILITIES: 6

  • CVE-2020-10878
  • CVE-2020-10543
  • CVE-2018-12886
  • CVE-2020-1712
  • CVE-2020-12723

MEDIUM VULNERABILITIES: 1

  • CVE-2019-5188

We were wondering if there are any plans on upgrading?

Thanks

robbo10 avatar Oct 28 '20 10:10 robbo10

The use of :latest tags is not recommended. We're moving away from that and will deprecate them soon. Please use a version tag such as :v0.7.0 in your deployment.

To address those CVEs, my recommendation is to change the base image in the ubuntu Dockerfile from nvidia/cuda:10.2-base-ubuntu16.04 to nvidia/cuda:11.1-base-ubuntu20.04. A future release will contain this (or a similar) update.

nvjmayo avatar Oct 28 '20 17:10 nvjmayo
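
The tag advice in the reply above can be checked mechanically before a manifest is deployed. The following is an added example, not part of the thread or the project's code: it flags image references that use :latest or no tag at all. The manifest lines, the registry.example host, the digest value and all function names are constructed for illustration.

```python
import re

# Constructed digest and manifest lines (illustrative, not from the project).
DIGEST = "sha256:" + "0" * 64
SAMPLE_MANIFEST = f"""\
containers:
  - name: plugin-a
    image: nvidia/k8s-device-plugin:latest
  - name: plugin-b
    image: nvidia/k8s-device-plugin:v0.7.0
  - name: plugin-c
    image: nvidia/k8s-device-plugin
  - name: plugin-d
    image: registry.example:5000/nvidia/k8s-device-plugin
  - name: plugin-e
    image: "registry.example:5000/nvidia/k8s-device-plugin@{DIGEST}"
"""

# Matches "image: <ref>" lines, with or without a list dash or quotes.
IMAGE_LINE = re.compile(r"""^\s*(?:-\s*)?image:\s*["']?([^\s"'#]+)""")

def split_ref(ref):
    """Split an image reference into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    # Only a ':' in the last path component is a tag separator;
    # a ':' earlier in the reference is a registry port.
    last = name.rsplit("/", 1)[-1]
    tag = None
    if ":" in last:
        name, _, tag = name.rpartition(":")
    return name, tag, digest or None

def classify(ref):
    """'floating' = :latest or no tag (which resolves to latest)."""
    _, tag, digest = split_ref(ref)
    if digest:
        return "pinned-digest"
    if tag is None or tag == "latest":
        return "floating"
    return "version-tag"

def audit(text):
    """Return (line_number, reference, classification) per image line."""
    return [(n, m.group(1), classify(m.group(1)))
            for n, line in enumerate(text.splitlines(), 1)
            if (m := IMAGE_LINE.match(line))]

if __name__ == "__main__":
    for n, ref, kind in audit(SAMPLE_MANIFEST):
        print(f"line {n}: {kind:13} {ref}")
```
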

This issue is stale because it has been open 90 days with no activity. This issue will be closed in 30 days unless new comments are made or the stale label is removed.

github-actions[bot] avatar Feb 29 '24 04:02 github-actions[bot]

This issue is stale because it has been open 90 days with no activity. This issue will be closed in 30 days unless new comments are made or the stale label is removed.

github-actions[bot] avatar May 31 '24 04:05 github-actions[bot]

This issue was automatically closed due to inactivity.

github-actions[bot] avatar Jul 01 '24 04:07 github-actions[bot]