containers
containers copied to clipboard
bitnami
Security Vulnerabilities
Name and Version
bitnami/cluster-autoscaler:1.25.0
What steps will reproduce the bug?
Vulnerabilities scanned by PRISMA tool
What is the expected behavior?
No response
What do you see instead?
| Component | Version | Vulnerability | Severity |
|---|---|---|---|
| ncurses | 6.2+20201114-2 | CVE-2022-29458 | low |
| openssl | 1.1.1n-0+deb11u3 | CVE-2022-2097 | low |
| pcre2 | 10.36-2 | CVE-2022-1587 | low |
| pcre2 | 10.36-2 | CVE-2022-1586 | low |
| e2fsprogs | 1.46.2-2 | CVE-2022-1304 | low |
| glibc | 2.31-13+deb11u3 | CVE-2021-3999 | low |
| libsepol | 3.1-1 | CVE-2021-36087 | low |
| libsepol | 3.1-1 | CVE-2021-36086 | low |
| libsepol | 3.1-1 | CVE-2021-36085 | low |
| libsepol | 3.1-1 | CVE-2021-36084 | low |
| libgcrypt20 | 1.8.7-6 | CVE-2021-33560 | low |
| db5.3 | 5.3.28+dfsg1-0.8 | CVE-2019-8457 | low |
| curl | 7.74.0-1.3+deb11u2 | CVE-2022-35252 | low |
| perl | 5.32.1-4+deb11u2 | CVE-2020-16156 | low |
| coreutils | 8.32-4 | CVE-2016-2781 | low |
| medium | github.com/aws/aws-sdk-go | PRISMA-2022-0164 | |
| PRISMA-2022-0227 | |||
| PRISMA-2022-0270 |
Additional information
No response
Hi, unfortunately, those security vulnerabilities are not fixed by the OS or the application itself, so although we built the images on a regular basis to provide the latest version of system packages, this kind of CVE will be reported while there is no new version patching the issue in the OS or the application.
At this moment there is not any fixable vulnerability in the container image
$ trivy image --ignore-unfixed bitnami/cluster-autoscaler:1.25.0
2022-09-09T08:02:09.990Z INFO Vulnerability scanning is enabled
2022-09-09T08:02:09.990Z INFO Secret scanning is enabled
2022-09-09T08:02:09.990Z INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-09-09T08:02:09.990Z INFO Please see also https://aquasecurity.github.io/trivy/v0.31.2/docs/secret/scanning/#recommendation for faster secret detection
2022-09-09T08:02:16.848Z INFO Detected OS: debian
2022-09-09T08:02:16.848Z INFO Detecting Debian vulnerabilities...
2022-09-09T08:02:16.861Z INFO Number of language-specific files: 1
2022-09-09T08:02:16.861Z INFO Detecting gobinary vulnerabilities...
bitnami/cluster-autoscaler:1.25.0 (debian 11.4)
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
The Bitnami Application Catalog (OpenSource) is based on Debian 11 but Bitnami, as part of VMware, provides a custom container and Helm Charts catalog based on the desired base image (generic distro such as Debian 10 & 11, CentOS 7, PhotonOS 3 & 4, Ubuntu 18.04, 20.04 & 22.04, or custom golden image) through the VMware Tanzu Application Catalog.
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
Prisma scan reports another CVE:
| Component | Version | Vulnerability | Severity |
|---|---|---|---|
| libtasn1-6 | 4.16.0-2 | CVE-2021-46848 | critical |
