Fix Medium severity CVEs #1452

ramandeepsharma · 2024-09-16T12:40:29Z

/kind bug

What happened?
A scan detected the following CVE:

What you expected to happen?
Please address the identified CVE.

Vulnerability_id	Package Name	Vulnerable Version	Fixed Version	Type	Severity
CVE-2024-5535	openssl	1:1.0.2k-24.amzn2.0.12	1:1.0.2k-24.amzn2.0.13	amazon	MEDIUM
CVE-2024-5535	openssl-libs	1:1.0.2k-24.amzn2.0.12	1:1.0.2k-24.amzn2.0.13	amazon	MEDIUM

CVE found related to k8s.io/kubernetes version as well:

Vulnerability_id	Package Name	Vulnerable Version	Fixed Version	Type	Severity
CVE-2024-5321	k8s.io/kubernetes	v1.26.11	1.27.16, 1.28.12, 1.29.7, 1.30.3	gobinary	MEDIUM

Environment

The text was updated successfully, but these errors were encountered:

mskanth972 · 2024-09-27T20:20:21Z

We Mitigated in the latest version v2.0.8, can you pull the latest image.

public.ecr.aws/efs-csi-driver/amazon/aws-efs-csi-driver:v2.0.8 (amazon 2 (Karoo))

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Sep 16, 2024

Provide feedback