CVE: Container Images related to Portieris have one or more critical or high CVEs
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
StarlingX | Fix Released | Medium | Jerry Sun | |
Bug Description
Brief Description
-----------------
The following images related to portieris are old and have CVEs:
- icr.io/
- docker.
The recommendation is to move to a new version of portieris (v0.13.10) and rebuild the StarlingX-built portieris image as it was last built in July 2020.
Severity
--------
Major - CVE / vulnerability issues
Steps to Reproduce
------------------
CVE scan using 3rd party tool
Expected Behavior
------------------
No/limited CVEs are reported
Actual Behavior
----------------
Many CVEs are reported
Reproducibility
---------------
Reproducible
System Configuration
-------
Any
Branch/Pull Time/Commit
-------
The above images are used in all recent stx main branch builds
Last Pass
---------
N/A
Timestamp/Logs
--------------
Not Required
Test Activity
-------------
CVE scan
Workaround
----------
None
Changed in starlingx:
importance: Undecided → Medium
assignee: nobody → Jerry Sun (jerry-sun-u)
tags: added: stx.9.0 stx.apps stx.security
Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/portieris-armada-app/+/907333