k8s-device-plugin
Addressing several security vulnerabilities in versions v0.14.4 and v0.14.5
Releases v0.14.4 and v0.14.5, running on Ubuntu 20.04.6 LTS, contain several vulnerabilities. Some of them can be fixed by upgrading the affected packages, as listed below.
As a requirement of our organization's security remediation process, we would like to report the vulnerabilities for this version (though we will follow your release process).
| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS |
|---|---|---|---|---|---|
| PRISMA-2022-0227 | high | 7.50 | github.com/emicklei/go-restful/v3 | v3.9.0 | fixed in v3.10.0 |
| CVE-2023-47038 | medium | 7.80 | perl | 5.30.0-9ubuntu0.4 | fixed in 5.30.0-9ubuntu0.5 |
| CVE-2024-0553 | medium | 7.50 | gnutls28 | 3.6.13-2ubuntu1.8 | fixed in 3.6.13-2ubuntu1.10 |
| CVE-2023-7104 | medium | 7.30 | sqlite3 | 3.31.1-4ubuntu0.5 | fixed in 3.31.1-4ubuntu0.6 |
| CVE-2023-5981 | medium | 5.90 | gnutls28 | 3.6.13-2ubuntu1.8 | fixed in 3.6.13-2ubuntu1.9 |
| CVE-2024-22365 | medium | 5.50 | pam | 1.3.1-5ubuntu4.6 | fixed in 1.3.1-5ubuntu4.7 |
| CVE-2023-39804 | medium | 0.00 | tar | 1.30+dfsg-7ubuntu0.20.04.3 | fixed in 1.30+dfsg-7ubuntu0.20.04.4 |
| CVE-2023-26604 | low | 7.80 | systemd | 245.4-4ubuntu3.22 | needed |
| CVE-2023-2953 | low | 7.50 | openldap | 2.4.49+dfsg-2ubuntu1.9 | fixed in 2.4.49+dfsg-2ubuntu1.10 |
| CVE-2023-50495 | low | 6.50 | ncurses | 6.2-0ubuntu2.1 | needed |
| CVE-2016-2781 | low | 6.50 | coreutils | 8.30-3ubuntu2 | deferred |
| CVE-2023-7008 | low | 5.90 | systemd | 245.4-4ubuntu3.22 | needed |
| CVE-2023-4813 | low | 5.90 | glibc | 2.31-0ubuntu9.12 | fixed in 2.31-0ubuntu9.14 |
| CVE-2023-4806 | low | 5.90 | glibc | 2.31-0ubuntu9.12 | fixed in 2.31-0ubuntu9.14 |
| CVE-2024-0727 | low | 5.50 | openssl | 1.1.1f-1ubuntu2.20 | fixed in 1.1.1f-1ubuntu2.21 |
| CVE-2023-4641 | low | 5.50 | shadow | 1:4.8.1-1ubuntu5.20.04.4 | fixed in 1:4.8.1-1ubuntu5.20.04.5 |
| CVE-2023-5678 | low | 5.30 | openssl | 1.1.1f-1ubuntu2.20 | fixed in 1.1.1f-1ubuntu2.21 |
| CVE-2013-4235 | low | 4.70 | shadow | 1:4.8.1-1ubuntu5.20.04.4 | needed |
| CVE-2023-4016 | low | 3.30 | procps | 2:3.3.16-1ubuntu2.3 | fixed in 2:3.3.16-1ubuntu2.4 |
| CVE-2023-29383 | low | 3.30 | shadow | 1:4.8.1-1ubuntu5.20.04.4 | needed |
| CVE-2022-3219 | low | 3.30 | gnupg2 | 2.2.19-3ubuntu2.2 | deferred |
| CVE-2023-45918 | low | 0.00 | ncurses | 6.2-0ubuntu2.1 | needed |
| CVE-2023-29406 | medium | 6.50 | go | go 1.20.5 | needed |
| CVE-2023-29409 | medium | 6.50 | go | go 1.20.5 | needed |
| CVE-2023-39318 | medium | 6.50 | go | go 1.20.5 | needed |
| CVE-2023-39319 | medium | 6.50 | go | go 1.20.5 | needed |
| CVE-2023-39323 | medium | 6.50 | go | go 1.20.5 | needed |
| CVE-2023-45283 | medium | 6.50 | go | go 1.20.5 | needed |
| CVE-2023-45285 | medium | 6.50 | go | go 1.20.5 | needed |
Compliance Issues
| SEVERITY | DESCRIPTION |
|---|---|
| high | (CIS_Docker_v1.5.0 - 4.1) Image should be created with a non-root user |
The list of CVEs above is also reported for the new version v0.14.5.
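The two checks a maintainer would want after rebuilding the image are whether each "fixed in" version in the table above is actually met by the packages now installed, and whether the CIS Docker 4.1 finding is cleared. The script below is an added example, not code from the k8s-device-plugin project or from the reporter. It assumes the scanner's PACKAGE column names Ubuntu source packages, so the installed list is taken from `dpkg-query -W -f '${source:Package}\t${Version}\n'` rather than binary package names; it re-implements dpkg's version ordering (epoch, upstream, revision, with `~` sorting lowest) so that versions such as `1:4.8.1-1ubuntu5.20.04.4` compare correctly; entries the scanner marks `needed` or `deferred` have no fixed package and are reported as such without consulting the image; and the CIS 4.1 check reads the `Config.User` field of `docker image inspect` JSON. The scan rows are a subset of the table above; the dpkg-query and inspect outputs are constructed samples.

```python
"""Re-check a scanner table like the one above against what an image really ships.
Added example, not code from the k8s-device-plugin project: a re-implementation of
dpkg's version ordering so "fixed in" versions can be compared with dpkg-query output,
plus the CIS Docker 4.1 non-root check on `docker image inspect` output."""
import json
import re


def _order(c):
    """dpkg character weight: '~' sorts before everything; digits and end-of-string are 0."""
    return -1 if c == "~" else 0 if c.isdigit() else ord(c) if c.isalpha() else ord(c) + 256


def _verrevcmp(a, b):
    """Compare two upstream-version or revision strings the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        # non-digit run, ordered by dpkg weight: 1.0~rc1 < 1.0 < 1.0+dfsg
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        # digit run: drop leading zeros, longer run wins, else first differing digit
        while i < len(a) and a[i] == "0": i += 1
        while j < len(b) and b[j] == "0": j += 1
        first_diff = 0
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            first_diff = first_diff or ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def dpkg_compare(v1, v2):
    """Negative, zero or positive like `dpkg --compare-versions`: epoch, upstream, then revision."""
    def parts(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, revision
    (e1, u1, r1), (e2, u2, r2) = parts(v1), parts(v2)
    return (e1 - e2) or _verrevcmp(u1, u2) or _verrevcmp(r1, r2)


COLUMNS = ("id", "severity", "cvss", "package", "version", "status")
FIXED_IN = re.compile(r"^fixed in (\S+)$")


def parse_findings(markdown_table):
    """Rows of a six-column scanner table written as markdown; header and rule lines skipped."""
    rows = []
    for line in markdown_table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == len(COLUMNS) and cells[0] != "CVE" and set(cells[0]) != {"-"}:
            rows.append(dict(zip(COLUMNS, cells)))
    return rows


def parse_installed(dpkg_query_output):
    r"""Source package -> version, from `dpkg-query -W -f '${source:Package}\t${Version}\n'`."""
    return dict(line.split("\t", 1) for line in dpkg_query_output.strip().splitlines())


def outstanding(findings, installed):
    """(id, package, reason) for every finding the image still carries."""
    report = []
    for f in findings:
        fixed = FIXED_IN.match(f["status"])
        have = installed.get(f["package"])
        if fixed is None:
            report.append((f["id"], f["package"], "no fixed package yet: " + f["status"]))
        elif have is None:
            report.append((f["id"], f["package"], "package not found in image, cannot verify"))
        elif dpkg_compare(have, fixed.group(1)) < 0:
            report.append((f["id"], f["package"], f"installed {have} < fixed {fixed.group(1)}"))
    return report


def runs_as_root(inspect_json):
    """CIS Docker 4.1: True when the image config sets no USER, or sets root / uid 0."""
    user = (json.loads(inspect_json)[0]["Config"].get("User") or "").split(":")[0]
    return user in ("", "root", "0")


# Rows copied from the scan table in the report above (a subset).
SCAN_TABLE = """
| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS |
|---|---|---|---|---|---|
| CVE-2024-0553 | medium | 7.50 | gnutls28 | 3.6.13-2ubuntu1.8 | fixed in 3.6.13-2ubuntu1.10 |
| CVE-2024-22365 | medium | 5.50 | pam | 1.3.1-5ubuntu4.6 | fixed in 1.3.1-5ubuntu4.7 |
| CVE-2023-4641 | low | 5.50 | shadow | 1:4.8.1-1ubuntu5.20.04.4 | fixed in 1:4.8.1-1ubuntu5.20.04.5 |
| CVE-2023-26604 | low | 7.80 | systemd | 245.4-4ubuntu3.22 | needed |
"""
# Constructed dpkg-query output for a rebuilt image: pam and shadow upgraded, gnutls28 not far enough.
DPKG_QUERY = "gnutls28\t3.6.13-2ubuntu1.9\npam\t1.3.1-5ubuntu4.7\nshadow\t1:4.8.1-1ubuntu5.20.04.5\nsystemd\t245.4-4ubuntu3.22\n"
# Constructed `docker image inspect` output: no USER set versus USER 65532:65532.
ROOT_INSPECT = json.dumps([{"Config": {"User": ""}}])
NONROOT_INSPECT = json.dumps([{"Config": {"User": "65532:65532"}}])

if __name__ == "__main__":
    for cve, pkg, why in outstanding(parse_findings(SCAN_TABLE), parse_installed(DPKG_QUERY)):
        print(f"{cve:<15} {pkg:<10} {why}")
    print("CIS Docker 4.1 non-root user:", "FAIL" if runs_as_root(ROOT_INSPECT) else "PASS")
```

Run it inside the rebuilt image with the real `dpkg-query` output substituted for the constructed string, and feed the real `docker image inspect` JSON to `runs_as_root`. Note that a version that merely looks newer lexically (`...ubuntu1.9` versus `...ubuntu1.10`) is the case plain string comparison gets wrong and dpkg ordering gets right, which is why the comparator is implemented in full rather than with a string sort.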