Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein. Vulnerability Details ** CVEID: CVE-2023-49569 DESCRIPTION: **go-git could allow a remote attacker to traverse directories on the system. By sending a specially crafted request using the...
9.8CVSS
10AI Score
EPSS
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: kubescape, loki, kaniko, tkn, conftest, datadog-agent, spire-server, buildkitd, aactl, buf, grype, goreleaser, dagger, trivy, melange, prometheus, up, wolfictl, telegraf, ctop, syft, kargo, crossplane, docker-compose, cadvisor, zot,...
5.9CVSS
5.9AI Score
0.0004EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, falcoctl, nats, trillian, osv-scanner, step-ca, kaniko, aws-efs-csi-driver, thanos, kubernetes-csi-external-provisioner, capslock, k8sgpt, datadog-agent, kots, kubeadm-bootstrap-controller, spicedb, temporal-server,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...
7.8AI Score
0.0004EPSS
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: keda, spicedb, temporal-server, trillian, telegraf, caddy, vault, step-ca, ferretdb, kine, amass, argo-workflows, kots, k3s, src,...
9.8CVSS
9.7AI Score
0.0004EPSS
GHSA-232P-VWFF-86MP vulnerabilities
Vulnerabilities for packages: melange, up, bom, ctop, helm, apko,...
7.5AI Score
7.5AI Score
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: melange, pulumi-kubernetes-operator, argo-cd, flux-notification-controller,...
7.5CVSS
7.7AI Score
0.0005EPSS
6.2CVSS
7.1AI Score
0.0004EPSS
7.5AI Score
7.5AI Score
7.5AI Score
Vulnerabilities for packages: kubernetes-dns-node-cache, ip-masq-agent, kubernetes, spark-operator, aws-ebs-csi-driver, cluster-autoscaler, node-feature-discovery, kubernetes-csi-driver-hostpath, local-static-provisioner, nodetaint,...
2.7CVSS
4.3AI Score
0.0004EPSS
7.5AI Score
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
7.5AI Score
7.5AI Score
7.5AI Score
GHSA-X84C-P2G9-RQV9 vulnerabilities
Vulnerabilities for packages: harbor-scanner-trivy, docker, melange, k3d, prometheus, wolfictl, docker-compose, buf, grype, kaniko, neuvector-scanner, tekton-pipelines, syft, dagger, cri-tools, helm-push,...
7.5AI Score
7.2CVSS
7.3AI Score
0.0004EPSS
7.5AI Score
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: envoy-ratelimit, gobuster, nats, aws-efs-csi-driver, thanos, kots, kubernetes-csi-livenessprobe, external-dns, grype, ollama, pulumi-language-dotnet, tctl, metacontroller, tomcat, vault-csi-provider, prometheus, up, gitlab-runner, telegraf,...
7.5CVSS
9AI Score
0.732EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: kubescape, cosign, dex, vexctl, cert-manager, rekor, tekton-pipelines, slsa-verifier, sops, tkn, argo-workflows, oauth2-proxy, kots, terragrunt, spire-server, argo-cd, aactl, kyverno, tekton-chains, external-secrets-operator, gitsign, cloudflared, fulcio,...
7.5AI Score
7.5AI Score
CVE-2024-23652 vulnerabilities
Vulnerabilities for packages: buildkitd, docker, kubescape, kaniko, zot, scorecard, guac, conftest, datadog-agent, trivy,...
10CVSS
9.7AI Score
0.001EPSS
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: docker, kubescape, ingress-nginx-controller, kaniko, newrelic-infrastructure-agent, datadog-agent, nvidia-device-plugin, kots, k3s, buildkitd, grype, nerdctl, zarf, runc, trivy, skopeo, wolfictl, telegraf, ctop, syft, k9s, skaffold, k3d, kubernetes, cadvisor,...
8.6CVSS
9.2AI Score
0.051EPSS
6.4CVSS
7.7AI Score
0.0004EPSS
6.5CVSS
7.7AI Score
0.001EPSS
7.5AI Score
7.5AI Score
6.3AI Score
0.0004EPSS
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: kubescape, helm, cert-manager, kaniko, tekton-pipelines, newrelic-infrastructure-agent, fuse-overlayfs-snapshotter, helm-push, kots, eksctl, gitness, grype, trivy, melange, up, telegraf, ctop, neuvector-agent, skaffold, cilium-cli, k3d, flux-source-controller, zot,...
7.5AI Score
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: eksctl, cilium-cli, kubescape, up, cert-manager, k9s, flux-source-controller, istio-operator, trivy, zot, zarf, k8sgpt, helm-operator, flux-helm-controller, helm-push, kots,...
6.4CVSS
6.7AI Score
0.0004EPSS
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: eksctl, cilium-cli, kubescape, up, cert-manager, k9s, flux-source-controller, istio-operator, trivy, zot, zarf, k8sgpt, helm-operator, flux-helm-controller, helm-push, kots,...
7.5AI Score
7.5AI Score
0.0004EPSS
7.5AI Score
8.9AI Score
0.0005EPSS
7.5AI Score
7.5AI Score
7.5AI Score
8.8CVSS
6.8AI Score
0.001EPSS
7.5AI Score
7.2AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
7.5AI Score
8.8CVSS
7.1AI Score
0.001EPSS
8.8CVSS
7.2AI Score
0.001EPSS
8.8CVSS
7.2AI Score
0.001EPSS
8.8CVSS
7.2AI Score
0.001EPSS