Brief Description
-----------------
The following images related to ptp-notification are old and have CVEs:
- docker.io/starlingx/notificationclient-base:stx.9.0-v2.1.1 >> last built in March 2023
- docker.io/starlingx/locationservice-base:stx.8.0-v2.0.0 >> last built in Dec 2022
- docker.io/rabbitmq:3.8.11-management >> obsolete and no longer recommended for use
Severity
--------
Major - CVE / vulnerability issues
Steps to Reproduce
------------------
CVE scan using 3rd party tool
Expected Behavior
------------------
Write down what was expected after taking the steps written above
Actual Behavior
----------------
Many CVEs are reported
Reproducibility
---------------
Reproducible
System Configuration
--------------------
Any
Branch/Pull Time/Commit
-----------------------
The above images are used in all recent stx main branch builds
Brief Description io/starlingx/ notificationcli ent-base: stx.9.0- v2.1.1 >> last built in March 2023 io/starlingx/ locationservice -base:stx. 8.0-v2. 0.0 >> last built in Dec 2022 io/rabbitmq: 3.8.11- management >> obsolete and no longer recommended for use
-----------------
The following images related to ptp-notification are old and have CVEs:
- docker.
- docker.
- docker.
Severity
--------
Major - CVE / vulnerability issues
Steps to Reproduce
------------------
CVE scan using 3rd party tool
Expected Behavior
------------------
Write down what was expected after taking the steps written above
Actual Behavior
----------------
Many CVEs are reported
Reproducibility
---------------
Reproducible
System Configuration ------- ------
-------
Any
Branch/Pull Time/Commit ------- ------- --
-------
The above images are used in all recent stx main branch builds
Last Pass
---------
N/A
Timestamp/Logs
--------------
Not Required
Test Activity
-------------
CVE scan
Workaround
----------
None