2024-01-26 19:30:04 |
Ghada Khalil |
bug |
|
|
added bug |
2024-01-26 19:30:10 |
Ghada Khalil |
starlingx: importance |
Undecided |
Medium |
|
2024-01-26 19:32:57 |
Ghada Khalil |
description |
Brief Description
-----------------
The following images related to ptp-notification are old and have CVEs:
- docker.io/starlingx/notificationclient-base:stx.9.0-v2.1.1 >> last built in March 2023
- docker.io/starlingx/locationservice-base:stx.8.0-v2.0.0 >> last built in Dec 2022
- docker.io/rabbitmq:3.8.11-management >> obsolete and no longer recommended for use
Severity
--------
Major - CVE / vulnerability issues
Steps to Reproduce
------------------
CVE scan using 3rd party tool
Expected Behavior
------------------
Write down what was expected after taking the steps written above
Actual Behavior
----------------
Many CVEs are reported
Reproducibility
---------------
Reproducible
System Configuration
--------------------
Any
Branch/Pull Time/Commit
-----------------------
The above images are used in all recent stx main branch builds
Last Pass
---------
N/A
Timestamp/Logs
--------------
Not Required
Test Activity
-------------
CVE scan
Workaround
----------
None |
Brief Description
-----------------
The following images related to ptp-notification are old and have CVEs:
- docker.io/starlingx/notificationclient-base:stx.9.0-v2.1.1 >> last built in March 2023
- docker.io/starlingx/locationservice-base:stx.8.0-v2.0.0 >> last built in Dec 2022
- docker.io/rabbitmq:3.8.11-management >> obsolete and no longer recommended for use
They should be updated/rebuilt to pick up CVE fixes
Severity
--------
Major - CVE / vulnerability issues
Steps to Reproduce
------------------
CVE scan using 3rd party tool
Expected Behavior
------------------
Write down what was expected after taking the steps written above
Actual Behavior
----------------
Many CVEs are reported
Reproducibility
---------------
Reproducible
System Configuration
--------------------
Any
Branch/Pull Time/Commit
-----------------------
The above images are used in all recent stx main branch builds
Last Pass
---------
N/A
Timestamp/Logs
--------------
Not Required
Test Activity
-------------
CVE scan
Workaround
----------
None |
|
2024-01-26 19:33:54 |
Ghada Khalil |
starlingx: assignee |
|
Andre Mauricio Zelak (azelak) |
|
2024-01-29 16:49:41 |
OpenStack Infra |
starlingx: status |
New |
In Progress |
|
2024-01-30 00:57:29 |
Ghada Khalil |
tags |
|
stx.9.0 stx.networking stx.security |
|
2024-01-30 01:02:27 |
Ghada Khalil |
description |
Brief Description
-----------------
The following images related to ptp-notification are old and have CVEs:
- docker.io/starlingx/notificationclient-base:stx.9.0-v2.1.1 >> last built in March 2023
- docker.io/starlingx/locationservice-base:stx.8.0-v2.0.0 >> last built in Dec 2022
- docker.io/rabbitmq:3.8.11-management >> obsolete and no longer recommended for use
They should be updated/rebuilt to pick up CVE fixes
Severity
--------
Major - CVE / vulnerability issues
Steps to Reproduce
------------------
CVE scan using 3rd party tool
Expected Behavior
------------------
Write down what was expected after taking the steps written above
Actual Behavior
----------------
Many CVEs are reported
Reproducibility
---------------
Reproducible
System Configuration
--------------------
Any
Branch/Pull Time/Commit
-----------------------
The above images are used in all recent stx main branch builds
Last Pass
---------
N/A
Timestamp/Logs
--------------
Not Required
Test Activity
-------------
CVE scan
Workaround
----------
None |
Brief Description
-----------------
The following images related to ptp-notification are old and have CVEs:
- docker.io/starlingx/notificationclient-base:stx.9.0-v2.1.1 >> last built in March 2023
- docker.io/starlingx/locationservice-base:stx.8.0-v2.0.0 >> last built in Dec 2022
- docker.io/rabbitmq:3.8.11-management >> obsolete and no longer recommended for use
They should be updated/rebuilt to pick up CVE fixes
Severity
--------
Major - CVE / vulnerability issues
Steps to Reproduce
------------------
CVE scan using 3rd party tool
Expected Behavior
------------------
No/limited CVEs are reported
Actual Behavior
----------------
Many CVEs are reported
Reproducibility
---------------
Reproducible
System Configuration
--------------------
Any
Branch/Pull Time/Commit
-----------------------
The above images are used in all recent stx main branch builds
Last Pass
---------
N/A
Timestamp/Logs
--------------
Not Required
Test Activity
-------------
CVE scan
Workaround
----------
None |
|
2024-03-11 13:32:42 |
OpenStack Infra |
starlingx: status |
In Progress |
Fix Released |
|
2024-03-26 12:11:58 |
Ghada Khalil |
tags |
stx.9.0 stx.networking stx.security |
stx.9.0 stx.apps stx.networking stx.security |
|