What steps did you take and what happened:
When we scanned the kubeflownotebookswg/centraldashboard:v1.7.0 image, we found the following vulnerabilities:
Vulnerabilities
===============
CVE               Package               Version    Severity  Status                  CVSS
---               -------               -------    --------  ------                  ----
CVE-2022-37434    zlib                  1.2.12-r0  critical  fixed in 1.2.12-r2      9.8
CVE-2021-44906    minimist              1.2.5      critical  fixed in 1.2.6          9.8
CVE-2020-7746     chart.js              2.8.0      critical  fixed in 2.9.4          9.8
CVE-2023-0464     openssl               1.1.1n-r0  high      fixed in 1.1.1t-r2      7.5
CVE-2023-0215     openssl               1.1.1n-r0  high      fixed in 1.1.1t-r0      7.5
CVE-2022-4450     openssl               1.1.1n-r0  high      fixed in 1.1.1t-r0      7.5
CVE-2022-3517     minimatch             3.0.4      high      fixed in 3.0.5          7.5
CVE-2022-31129    moment                2.29.2     high      fixed in 2.29.4         7.5
CVE-2022-25878    protobufjs            6.11.2     high      fixed in 6.11.3         7.5
CVE-2022-24999    qs                    6.5.2      high      fixed in 6.10.3         7.5
CVE-2022-24999    qs                    6.7.0      high      fixed in 6.10.3         7.5
CVE-2021-3807     ansi-regex            4.1.0      high      fixed in 4.1.1          7.5
CVE-2021-3807     ansi-regex            3.0.0      high      fixed in 4.1.1          7.5
CVE-2021-23343    path-parse            1.0.6      high      fixed in 1.0.7          7.5
CVE-2023-0286     openssl               1.1.1n-r0  high      fixed in 1.1.1t-r0      7.4
PRISMA-2022-0022  node-forge            0.10.0     high      fixed in 1.0.0          7
CVE-2022-24772    node-forge            0.10.0     high      fixed in 1.3.0          7
CVE-2022-24771    node-forge            0.10.0     high      fixed in 1.3.0          7
CVE-2022-38778    decode-uri-component  0.2.0      medium    fixed in 0.2.1          6.5
CVE-2022-0235     node-fetch            2.6.6      medium    fixed in 3.1.1, 2.6.7   6.1
CVE-2022-4304     openssl               1.1.1n-r0  medium    fixed in 1.1.1t-r0      5.9
CVE-2020-28928    musl                  1.2.2-r7   medium    fixed in 1.2.2_pre2-r0  5.5
CVE-2023-0465     openssl               1.1.1n-r0  medium    fixed in 1.1.1t-r3      5.3
CVE-2022-33987    got                   6.7.1      medium    fixed in 12.1.0         5.3
CVE-2022-2097     openssl               1.1.1n-r0  medium    fixed in 1.1.1q-r0      5.3
CVE-2022-24773    node-forge            0.10.0     moderate  fixed in 1.3.0          4
CVE-2022-0122     node-forge            0.10.0     moderate  fixed in 1.0.0          4
CVE-2020-15366    ajv                   6.9.2      moderate  fixed in 6.12.3         4

Compliance
==========
Severity  Description
--------  -----------
high      (CIS_Docker_CE_v1.1.0 - 4.1) Image should be created with a non-root user
What did you expect to happen:
An image should not have critical CVEs before we deploy it to any production environment.
Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]
Environment:
Kubeflow version: (version number can be found at the bottom left corner of the Kubeflow dashboard): v1.7.0
kfctl version: (use kfctl version):
Kubernetes platform: (e.g. minikube)
Kubernetes version: (use kubectl version):
OS (e.g. from /etc/os-release):
/kind bug